Subject: Re: x2goagent listening on public interface - how to make it listen on 127.0.0.1 only?
Date: Saturday 18th February 2012 16:08:35 UTC (over 5 years ago)
Hello Mike, > I had a discussion with another of the developers (Alex) and we do > not know either, if there is a NX-builtin solution for just > listening on the localhost IP socket. could this be considered as an important missing feature? I did not find any way to put a feature request into a bugtracker, maybe you would like to do this or forward this to anybody who is more familiar with the development infrastructure? I am just an accidental by-alker and would like to proceed with other things... THANKS! > Our current recommendation is to use iptables, which you have to use > anyway, if your system runs in the public space somewhere. Well, of course it is always possible to find a workaround - fixing the source of the problem is a better approach. x2go really looks like good quality software - but it is fair to say that listening on all interfaces by default is not exactly known as "good behaviour". I have no time invstigating deeper into this, but of course this smells like "easy remote exploit" - I really would see this fixed ASAP - and until it is not fixed it would be fair to put a big, red warning on the website and instruct users about how to configure their firewall until this problem is fixed - I bet there are many people not even knowing about this issue. Please do not wait until somebody else checks if this is a good way to exploit an x2go server - hopefully it is NOT! Thanks, Bughunter