Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: BUGHUNTER <bughunter-sGOZH3hwPm2sTnJN9+BGXg <at> public.gmane.org>
Subject: Re: x2goagent listening on public interface - how to make it listen on 127.0.0.1 only?
Newsgroups: gmane.linux.terminal-server.x2go.user
Date: Saturday 18th February 2012 16:08:35 UTC (over 5 years ago)
Hello Mike,

> I had a discussion with another of the developers (Alex) and we do
> not know either, if there is a NX-builtin solution for just
> listening on the localhost IP socket.

could this be considered as an important missing feature? I did not
find any way to put a feature request into a bugtracker, maybe you
would like to do this or forward this to anybody who is more familiar
with the development infrastructure? I am just an accidental by-alker
and would like to proceed with other things... THANKS!

> Our current recommendation is to use iptables, which you have to use
> anyway, if your system runs in the public space somewhere.

Well, of course it is always possible to find a workaround - fixing
the source of the problem is a better approach.

x2go really looks like good quality software - but it is fair to say
that listening on all interfaces by default is not exactly known as
"good behaviour".

I have no time invstigating deeper into this, but of course this
smells like "easy remote exploit" - I really would see this fixed ASAP
- and until it is not fixed it would be fair to put a big, red warning
on the website and instruct users about how to configure their
firewall until this problem is fixed - I bet there are many people not
even knowing about this issue.

Please do not wait until somebody else checks if this is a good way to
exploit an x2go server - hopefully it is NOT!

Thanks,
Bughunter
 
CD: 4ms