-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
-ac Insecure setting in the default VNC configuration #264
Comments
In a fresh install of xrdp-0.6.1-2.fc20.x86_64, the file /etc/xrdp/sesman.ini says: [Xvnc] Where (according to Xserver(1)):
This seems like a very bad idea. It would allow anyone with an account on the system to connect to the session of someone who is logged in via xrdp. |
more info here, |
We’d prefer to do something with xauth here, so that users can contact their own X sessions locally (even from another channel, e.g. by ssh’ing in), but others can’t access them, while keeping the xrdp dæmon running as xrdp user. Is this possible? I don’t know enough about how the actual sessions are started to comment. If so, I could probably hack it (I’ve done xauth work for an Xnest wrapper in the past). |
|
what do you think about ?
https://bugzilla.redhat.com/show_bug.cgi?id=1105202
The text was updated successfully, but these errors were encountered: