xpra icon
Bug tracker and wiki

This bug tracker and wiki are being discontinued
please use https://github.com/Xpra-org/xpra instead.


Opened 3 years ago

Closed 3 years ago

Last modified 3 months ago

#1939 closed task (fixed)

reduce the amount of information exposed by the proxy via dbus GetInfo

Reported by: Antoine Martin Owned by: Antoine Martin
Priority: major Milestone: 2.4
Component: server Version: 2.3.x
Keywords: Cc:

Description (last modified by Antoine Martin)

This was flagged as a potential issue during Bug 1102836 - AUDIT-0: xpra: suse-dbus-unauthorized-service org.xpra.Server a security review of xpra for packaging into suse.

FWIW: all the information exposed should normally already be accessible to all users on the system, but it is possible that we expose some internal attributes that should not be - difficult to tell, so let's err on the side of caution.

Change History (2)

comment:1 Changed 3 years ago by Antoine Martin

Description: modified (diff)
Resolution: fixed
Status: newclosed

Done in r20186, r20187 backport for the v2.3.x branch.

Sample output from d-feet:

{'mode': 'proxy',
 'python': {'version': '3.6.6'},
 'session-type': 'proxy',
 'start_time': 65850,
 'type': 'Python',
 'uuid': 'ade8405288844b92aeddd5c073cd7097'}
Last edited 3 years ago by Antoine Martin (previous) (diff)

comment:2 Changed 3 months ago by migration script

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1939

Note: See TracTickets for help on using tickets.