Am 20.02.2012 10:07, schrieb Mike Gabriel: > Hi Alex, > > On Mo 20 Feb 2012 09:32:31 CET Oleksandr Shneyder wrote: > >> Am 19.02.2012 21:14, schrieb Milan Knížek: >>> Hello list! >>> >>> I am a bit confused re. the discrepancy between wiki and actual >>> behaviour of x2godesktop sharing: >>> >>> x the wiki [1] reads that >>> With the desktopsharing function of X2go you can have full-access >>> the desktop from somebody else... >>> >>> x when I (USER_B) connect from a remote machine with x2goclient to >>> "local desktop" (USER_A logged in on tty7 of x2goserver), the >>> USER_A's session is shown in the lists of sessions available for >>> sharing, however the button "Full Access" is greyed-out and cannot be >>> clicked. So USER_B is only allowed to view the USER_A's deskto. >>> >>> x having looked at x2godesktopsharing.git/sharetray.cpp, I can see that >>> this is due to "bShadow->SetEnabled ( user==getCurrentUname() );" and >>> have verified that the following patch removes the limitation: >>> >>> === >>> --- onmainwindow_part2.cpp<---->2011-11-25 13:08:10.000000000 +0100 >>> +++ onmainwindow_part2.cpp_mod<>2012-02-19 19:50:36.200838546 +0100 >>> @@ -1132,7 +1132,7 @@ >>> index.row(), >>> D_USER ).data().toString(); >>> bShadowView->setEnabled ( true ); >>> - bShadow->setEnabled ( user==getCurrentUname() ); >>> + bShadow->setEnabled ( true ); >>> } >>> } >>> >>> === >>> >>> Is this intentional behaviour due to the potential security issues >>> mentioned here [2] (anyway, the remote user _can_ recompile the >>> x2goagent to get rid of the limitation)? >>> >>> >>> [1] http://www.x2go.org/wiki:components:desktop-sharing#usage >>> [2] >>> http://comments.gmane.org/gmane.linux.terminal-server.x2go.devel/2437 >>> >>> Regards, >>> Milan >>> >>> >> >> I have disabled it, because in my opinion, security risk was just to >> high. At the moment, user can get full access only if connecting to his >> own desktop. Actually, removing such check in x2goclient should not do >> anything. > > Ok... > >> This check is also included in x2gostartagent. > > No, it is not. I can connect to other users' sessions with full-access > via python-x2go (pyhoca-cli).
It is not good. Giving such access to foreign people is just too risky. I think 90% of all users will not understand it. For example, perpetrator can manipulate .Xauthority file. >> Anyway, if in >> future we want to enable such feature, we should also modify >> x2godesktopsharing and ask user if he give to other people a full or >> "only view" access. With big, fat, red warning. > > That is a great idea. Let the user decide via x2godesktopsharing. Milan, > are you willing to work on that (with our help)? > > Greets, > Mike > > > > _______________________________________________ > X2Go-Dev mailing list > [email protected] > https://lists.berlios.de/mailman/listinfo/x2go-dev -- Oleksandr Shneyder Dipl. Informatik X2go Core Developer Team email: [email protected] web: www.obviously-nice.de --> X2go - everywhere@home
signature.asc
Description: OpenPGP digital signature
_______________________________________________ X2Go-Dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/x2go-dev
