Hi Stefan, On So 08 Dez 2013 21:10:57 CET, Stefan Baur wrote:
Am 08.12.2013 21:05, schrieb Nable 80:One should notice that without root ( who would give root access to generic employee? except (possibly) on his workstation) you still cannot access other users' cookies (except cases when one have too^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^wide permissions or known vulnerabilitites with privelege escalation),^^^^^^^^^^^^^^^^so you cannot grab their X sessions, can you?And here we are again at "Hey, $FOO doesn't work, I'll just do chmod -R 777 * and see if that makes it work."Plus, the rogue employee may as well be the admin, and thus have root rights on the machine where you're logged in.-Stefan
For X2Go we must assume that the root user is a trustworthy person. Otherwise we are completely lost.
Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
pgp8DuZoZG2H8.pgp
Description: Digitale PGP-Signatur
_______________________________________________ X2Go-Dev mailing list X2Go-Dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev