Package: x2goclient
Severity: grave

When you install X2GoClient on Windows in portable mode, in the
directory some_dir\x2goclient, and create a batch file to start it in
porable mode as some_dir\x2goclient.cmd, with the following content:

@echo off
cd /d %~dp0\x2goclient
start "X2GoClient" x2goclient.exe --portable

Then, either upon connecting to a server (causing ssh\known_hosts to be
created/updated), or upon closing of x2goclient, the content of these
directories gets deleted (save for the file ssh\known_hosts):


Obviously, this is NOT good, because people will be tempted to store
their private keys in that directory, only to find them gone afterwards.

My guess is that it hits .ssh as well because .ssh is no regular FAT
file name, but rather one that can only be created in cmd.exe with "md
.ssh", and probably only works on VFAT, not regular FAT, so a routine
looking to match ssh that isn't VFAT-safe will hit .ssh instead.

Could it be that we have a bug in x2goclient that purges the ssh
directory whenever known_hosts is accessed for writing, or similar?

Kind Regards,
Stefan Baur

BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243

Attachment: signature.asc
Description: OpenPGP digital signature

x2go-dev mailing list

Reply via email to