Hi Bughunter, On Sa 18 Feb 2012 17:08:35 CET BUGHUNTER wrote:
I had a discussion with another of the developers (Alex) and we do not know either, if there is a NX-builtin solution for just listening on the localhost IP socket.could this be considered as an important missing feature? I did not find any way to put a feature request into a bugtracker, maybe you would like to do this or forward this to anybody who is more familiar with the development infrastructure? I am just an accidental by-alker and would like to proceed with other things... THANKS!
Yes, will do. Thanks for bringing it up!!!
Our current recommendation is to use iptables, which you have to use anyway, if your system runs in the public space somewhere.Well, of course it is always possible to find a workaround - fixing the source of the problem is a better approach. x2go really looks like good quality software - but it is fair to say that listening on all interfaces by default is not exactly known as "good behaviour". I have no time invstigating deeper into this, but of course this smells like "easy remote exploit" - I really would see this fixed ASAP - and until it is not fixed it would be fair to put a big, red warning on the website and instruct users about how to configure their firewall until this problem is fixed - I bet there are many people not even knowing about this issue.
Done (not a big red sign though...) http://wiki.x2go.org/wiki:security:start?goagent
Please do not wait until somebody else checks if this is a good way to exploit an x2go server - hopefully it is NOT!
Fair enough. I am one of the core developers of X2Go and I will urge the team towards a solution/patch against NoMachine's nxagent.
Thanks, Bughunter
Greets + big thanks! Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: [email protected], http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
pgpzQjRfx7ox4.pgp
Description: Digitale PGP-Unterschrift
_______________________________________________ X2go-User mailing list [email protected] https://lists.berlios.de/mailman/listinfo/x2go-user
