xpra icon
Bug tracker and wiki

Opened 3 months ago

Closed 3 months ago

Last modified 3 months ago

#1939 closed task (fixed)

reduce the amount of information exposed by the proxy via dbus GetInfo

Reported by: Antoine Martin Owned by: Antoine Martin
Priority: major Milestone: 2.4
Component: server Version: 2.3.x
Keywords: Cc:

Description (last modified by Antoine Martin)

This was flagged as a potential issue during Bug 1102836 - AUDIT-0: xpra: suse-dbus-unauthorized-service org.xpra.Server a security review of xpra for packaging into suse.

FWIW: all the information exposed should normally already be accessible to all users on the system, but it is possible that we expose some internal attributes that should not be - difficult to tell, so let's err on the side of caution.

Change History (1)

comment:1 Changed 3 months ago by Antoine Martin

Description: modified (diff)
Resolution: fixed
Status: newclosed

Done in r20186, r20187 backport for the v2.3.x branch.

Sample output from d-feet:

{'mode': 'proxy',
 'python': {'version': '3.6.6'},
 'session-type': 'proxy',
 'start_time': 65850,
 'type': 'Python',
 'uuid': 'ade8405288844b92aeddd5c073cd7097'}
Last edited 3 months ago by Antoine Martin (previous) (diff)
Note: See TracTickets for help on using tickets.