** Description changed: - There doesn't seem to be any obvious way to force LightDM's VNC server - to listen on only specified interfaces, most notably localhost. This - creates a security issue, as the best and most secure way to access a - VNC server is through an SSH tunnel where the client will only connect - to its localhost on a particular port having all connections through the - tunnel to the server's localhost port. + [Impact] + The XDMCP and VNC servers in LightDM allow connections on any network interface. It is desirable for these to be limited to a particular interface to limit who can connect (i.e. only allow local connections on 127.0.0.1). - If there is a proper way to do this or some sort of work-around, I would - be very interested in how to do so. As of right now, this makes - LightDM's VNC server unusable for me. + [Test Case] + 1. Enable the VNC server in LightDM in lightdm.conf: + [VNCServer] + enabled=true + listen-address=127.0.0.1 + 2. Start LightDM + With this setup you should only be able to make a local connection. + + [Regression potential] + Low. If the option is not set LightDM has the old behaviour.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1390808 Title: VNC / XDMCP server cannot be configured to listen on specific interfaces Status in Light Display Manager: In Progress Status in Light Display Manager 1.10 series: In Progress Status in Light Display Manager 1.12 series: In Progress Status in Light Display Manager 1.2 series: In Progress Status in “lightdm” package in Ubuntu: Triaged Status in “lightdm” source package in Precise: Triaged Status in “lightdm” source package in Trusty: Triaged Status in “lightdm” source package in Utopic: Triaged Status in “lightdm” source package in Vivid: Triaged Bug description: [Impact] The XDMCP and VNC servers in LightDM allow connections on any network interface. It is desirable for these to be limited to a particular interface to limit who can connect (i.e. only allow local connections on 127.0.0.1). [Test Case] 1. Enable the VNC server in LightDM in lightdm.conf: [VNCServer] enabled=true listen-address=127.0.0.1 2. Start LightDM With this setup you should only be able to make a local connection. [Regression potential] Low. If the option is not set LightDM has the old behaviour. To manage notifications about this bug go to: https://bugs.launchpad.net/lightdm/+bug/1390808/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
