2 Jul 2013 19:58
Re: Bug#258: Bug#258: Bug#258: SECURITY: x2goclient allows clipboard sniffing
Christoph Anton Mitterer <calestyo <at> scientia.net>
2013-07-02 17:58:06 GMT
On Tue, 2013-07-02 at 11:10 +0400, Nable 80 wrote:
> > And people don't see x2go (or VNC, or rdp) like a direct access
> > to their X server (as in plain X forwarding with xauth and that like).
> Why do you think so? Because they have it in window and didn't specify
> any option that exactly means 'turn on X11 forwarding'?

To be honest, I think both are strong reasons for expecting this... as well as one easily tends to compare it with VNC (which gives you rather the "secure" screenshots)...

But moreover... it's nowhere really documented (at least where people easily see it) - I didn't find it at all.
When one goes into the ssh/ssh_config manpages and reads about the X forwarding options... it strongly warns one about the security implications (which are basically like giving root to the remote).
When one reads the xauth manpage (and the fact that there is a dedicated program which one needs to grant privileges)... one reads about what one does.
With X2Go/NX... there seem to be no such emphasised warnings in the obvious places.

> After all, I think that it's not a grave issue as most people use X11
> forwarding for rather trusted hosts (or just don't care).

Well... I don't think so... not even for the trusted ones (not to talk about untrusted hosts)... but this is probably since people have different requirements on security.

> One additional note: it's possible to turn on clipboard forwarding in
> RDP and VNC (and it's a very useful thing) but AFAIR in most clients
> _one have to specify it implicitly_ (and sometimes there's a separate
> option that allows some restricted clipboard access, for example

Yes... it is... but there you have to at least enable it (even though most programs miss a strong warning on what can then easily happen...)

But to be honest... the clipboard sniffing problem seems to be "boring" compared with the "direct interaction" with my local X server... at least with respect to my security thinking...
Oh, and no one from the developers should get me wrong: I do see that NX is very nice and great with respect to its speed, which is probably not doable with VNC-like screenshotting... but a) I think people are not warned/told enough about what happens (technically)... and b) clear information is missing... on what could actually happen (in the sense of "is it secure as it is, or can this direct communication with the local X server cause troubles - perhaps there are none... and the only issues were those with the global root window... which seems not possible with NX? But perhaps there are!).

Cheers,
Chris.
_______________________________________________
X2Go-Dev mailing list
X2Go-Dev <at> lists.berlios.de
https://lists.berlios.de/mailman/listinfo/x2go-dev
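The mail above contrasts the explicit, warned-about X11 forwarding options in ssh_config with the silent display access of NX. As an added example (not part of this thread, and not X2Go or OpenSSH code), the following Python script audits an OpenSSH client configuration for the hosts that would actually get X11 forwarding: it applies ssh's "first obtained value wins" rule across Host blocks and distinguishes untrusted forwarding (ForwardX11 alone) from trusted forwarding (ForwardX11 plus ForwardX11Trusted), the mode in which remote clients get unrestricted access to the local display. The configuration text is constructed for the example; the function names are my own.

```python
import fnmatch
import re
from typing import Dict, List, Tuple

# Constructed sample client config (not from the thread). Note the shipped-style
# "Host *" block at the end: upstream OpenSSH defaults ForwardX11Trusted to no,
# but some distributions ship a global ssh_config that turns it on.
SAMPLE_SSH_CONFIG = """\
# per-host entries first, catch-all last
Host build-box
    HostName build.example.internal
    ForwardX11 yes
    ForwardX11Trusted no

Host *.lab.example
    ForwardX11 yes

Host !bastion.lab.example *.lab.example
    ForwardAgent yes

Host *
    ForwardX11 no
    ForwardX11Trusted yes
"""

Block = Tuple[List[str], Dict[str, str]]


def parse_ssh_config(text: str) -> List[Block]:
    """Split ssh_config text into (host_patterns, options) blocks in file order.

    Options that appear before the first Host line apply to every host.
    Keys are lower-cased because ssh_config keywords are case-insensitive.
    """
    blocks: List[Block] = []
    patterns: List[str] = ["*"]
    options: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # only whole-line comments exist
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            if options:
                blocks.append((patterns, options))
            patterns, options = value.split(), {}
        else:
            options.setdefault(key, value)  # first occurrence wins inside a block too
    if options:
        blocks.append((patterns, options))
    return blocks


def host_matches(patterns: List[str], hostname: str) -> bool:
    """ssh semantics: a negated pattern ('!') vetoes the block; otherwise any match wins."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname, pat):
            matched = True
    return matched


def effective_options(blocks: List[Block], hostname: str) -> Dict[str, str]:
    """Resolve the options ssh would use for hostname: first obtained value wins."""
    effective: Dict[str, str] = {}
    for patterns, options in blocks:
        if host_matches(patterns, hostname):
            for key, value in options.items():
                effective.setdefault(key, value)
    return effective


def x11_exposure(blocks: List[Block], hostname: str) -> str:
    """Return 'none', 'untrusted' or 'trusted' for the X11 access the remote side gets."""
    opts = effective_options(blocks, hostname)
    forwarded = opts.get("forwardx11", "no").lower() == "yes"
    trusted = opts.get("forwardx11trusted", "no").lower() == "yes"  # upstream default: no
    if not forwarded:
        return "none"
    return "trusted" if trusted else "untrusted"


def audit_x11(config_text: str, hostnames: List[str]) -> Dict[str, str]:
    """Map each hostname you connect to onto its X11 exposure under this config."""
    blocks = parse_ssh_config(config_text)
    return {host: x11_exposure(blocks, host) for host in hostnames}


if __name__ == "__main__":
    hosts = ["build-box", "dev1.lab.example", "bastion.lab.example", "other.example.com"]
    for host, exposure in audit_x11(SAMPLE_SSH_CONFIG, hosts).items():
        print(f"{host:24s} X11 forwarding: {exposure}")
```

The point the audit makes visible is the one the mail raises for NX: a host-specific block that only says "ForwardX11 yes" inherits ForwardX11Trusted from the catch-all block further down, so every `*.lab.example` host here ends up with trusted (unrestricted) display access even though nobody wrote that next to the host. Command-line flags (-X, -Y) override the file, so the script audits the configuration, not a particular invocation.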