On 06.12.2013 18:44, Nick Ingegneri wrote:
> Whatever solution we choose has to work within the existing environment
> and support the existing workflow. Our current workflow uses a mixture
> of xhost and xauth to allow xclients to connect to xservers. While "ssh
> -Y" may technically be an elegant solution, requiring it would break our
> existing tools, processes, and scripts.
Well, guys, it's 2013, almost 2014, and we live in the Post-NSA-Scandal
world. The times of using "xhost +" and not having to worry about it are
long over. Do yourself a favor and change your scripts.
> I acknowledge that there is a security issue with TCP connections in
> X11, but that is an architectural issue with X11 itself and not with
> X2Go per se. If the developers of X2Go were to make TCP connections
> impossible then effectively the defined security model of X11 (as
> documented in places like the XSecurity and Xauth man pages) would be
> broken. TCP is part of how X11 works.
As a side-note, I hope you're aware that those newfangled GUI thingies
like Wayland and Mir are ditching TCP in their core design? Just sayin'
(I don't like them, either) - not that that comes to bite you in the
lower back in a few years when you don't expect it.
> Once it became apparent in our testing that exporting displays didn't
> work as expected, the system administrator who installed it went through
> the configuration files and documentation looking for a solution. He
> couldn't find one, so he escalated it to me to look into. If we hadn't
> been able to find a fix it would have ruled out X2Go from further
> consideration, which would have been unfortunate as it is currently our
> leading choice for this particular need.
In my opinion, Mike is a bit too customer-friendly here by turning your
request into a wishlist item that lets every newbie shoot him-/herself
in the foot, security-wise, by toggling a setting in the configuration.
Sorry, but I've seen way too many people go "chmod 777 -R /*" as soon as
something doesn't work as expected, and I'm fearing the same for an
easily reachable option to allow TCP connections - because "xhost +" is
the X/TCP equivalent of "chmod 777 -R /*" in the filesystem.
Of course, everybody is free to shoot him-/herself in the foot, that's
why it's Linux - but merely leaving a "this is dangerous" note next to
the parameter is like sticking a tag "please don't use this unless you
know what you're doing" on a loaded 12-gauge in a room full of toddlers.
> Hopefully the above helps persuade you that there is a need for some
> users to be able to continue to support the existing X11 security model
> (including TCP).
Sorry, but you don't have me convinced that this is something anyone
should use for a prolonged period of time.
> If you accept that point, then it seems there should be a more elegant
> way of enabling TCP than editing the x2gostartagent file. As someone
> brand new to looking at the project, files like x2goagent.options or
> x2goserver.conf are the obvious places I would expect to find an option
> to make this change.
My understanding of the issue is: It's possible to allow TCP
connections, and the fact that it's not easily reachable - but can be
reached - is a Good Thing(TM).
We should leave it that way.
You can manually allow TCP connections in your environment to ease
transition to X2Go - but by all means, go ahead and fix your scripts so
they use ssh -X/-Y, and do that soon. And reconfigure X2Go to "nolisten
TCP" the second you're done fixing your scripts.
-Stefan
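Stefan's advice boils down to three things an administrator can verify on any X host: that "xhost +" is not in effect, that no X server is reachable on TCP, and that the server was started with "-nolisten tcp". The audit script below is an added example, not code from this thread or from the X2Go project; it assumes xhost, ss and ps are available on the audited host, and the sample outputs it ships with are constructed.

```shell
#!/bin/sh
# Added audit helper (not X2Go code). Checks the three points the thread
# turns on: "xhost +" (access control disabled), an X server listening on
# TCP 6000+display, and a server command line lacking "-nolisten tcp".
# Command output is passed in as arguments so it also runs offline against
# the constructed samples below. On a live host:
#   audit_x11 "$(xhost)" "$(ss -Hltn)" "$(ps -o args= -C Xorg)"
# (for X2Go, substitute the x2goagent/nxagent process name for Xorg).

# Prints one "FINDING:" line per problem and nothing when the display is not
# exposed over TCP. Always returns 0 so it is safe to call under "set -e".
audit_x11() {
    xhost_out=$1
    ss_out=$2
    xserver_args=$3
    # "xhost +" switches the access list off; xhost reports it on its first line.
    if printf '%s\n' "$xhost_out" | grep -q '^access control disabled'; then
        echo "FINDING: xhost access control disabled (effect of 'xhost +'); run 'xhost -'"
    fi
    # X servers listen on TCP 6000 + display number; flag any listener in 6000-6063.
    if printf '%s\n' "$ss_out" |
        awk '{ n = split($4, a, ":"); p = a[n]; if (p >= 6000 && p <= 6063) found = 1 }
             END { exit !found }'; then
        echo "FINDING: X server listening on TCP (port 6000-6063); use ssh -X/-Y instead"
    fi
    # Without -nolisten tcp the server accepts TCP clients, gated only by xhost/xauth.
    if [ -n "$xserver_args" ] && ! printf '%s\n' "$xserver_args" | grep -q -- '-nolisten tcp'; then
        echo "FINDING: X server command line lacks '-nolisten tcp'"
    fi
    return 0
}

# Constructed samples (not real captures) of what xhost, ss -Hltn and ps print.
SAMPLE_XHOST_OPEN='access control disabled, clients can connect from any host'
SAMPLE_XHOST_CLOSED='access control enabled, only authorized clients can connect
SI:localuser:alice'
SAMPLE_SS_TCP='LISTEN 0 128 0.0.0.0:6000 0.0.0.0:*
LISTEN 0 128 [::]:6000 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_SS_NONE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_XORG_OPEN='/usr/bin/Xorg :0 -auth /var/run/xauth/A:0'
SAMPLE_XORG_SAFE='/usr/bin/Xorg :0 -nolisten tcp -auth /var/run/xauth/A:0'

echo "== misconfigured host =="
audit_x11 "$SAMPLE_XHOST_OPEN" "$SAMPLE_SS_TCP" "$SAMPLE_XORG_OPEN"
echo "== hardened host (no output expected) =="
audit_x11 "$SAMPLE_XHOST_CLOSED" "$SAMPLE_SS_NONE" "$SAMPLE_XORG_SAFE"
```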
_______________________________________________
X2Go-Dev mailing list
https://lists.berlios.de/mailman/listinfo/x2go-dev