uLab
/
xrdp-proprietary
mirror of https://mirror.git.trinitydesktop.org/gitea/uLab/xrdp-proprietary
0
0
Fork 0
Code Issues Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ulab-next-nosound
ulab-next
ulab-original
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9f8a902476'
${ noResults }
xrdp-proprietary/xrdp
History
Ben Cohen 8b4d057af2 Allow UDS connection from non-root users 
If you run xrdp with a Unix Domain Socket (UDS) for the port specified in
/etc/xrdp/xrdp.ini then only root can connect to it.

Test case:

1. Edit /etc/xrdp/xrdp.ini to set "port=/var/run/xrdp-local.socket".

2. Restart xrdp.

3. Run the following, as a non-root user.

  socat TCP-LISTEN:12345 UNIX-CONNECT:/var/run/xrdp-local.socket &
  rdesktop localhost:12345

Expected behaviour: rdesktop starts up and displays the logon dialog.
Observed behaviour: rdesktop exits with "ERROR: Connection closed" and
socat exits with "Permission denied".  (But it suceeds if root runs
socat.)

UDS files are created by trans_listen_address() and given permissions
0660, so only root can connect to it.  In this case, for the RDP client
connection, it it fine for any user to connect so it should be given
permissions 0666.

Note that this is only relevant when the port in /etc/xrdp/xrdp.ini has
been set to create a UDS instead of a TCP socket.  When a TCP port is
created any user (including remote users, unless the loopback interface
is used) can connect so this is not less secure.
 		8 years ago
..
Makefile.am Make socket directory configurable, don't hardcode /tmp/.xrdp 8 years ago
ad24b.bmp improve login graphics 16 years ago
ad256.bmp Drop exec permission of non executable files 9 years ago
cursor0.cur use standard cur files for cursors 21 years ago
cursor1.cur use standard cur files for cursors 21 years ago
czech.txt czech.txt 18 years ago
funcs.c Eliminate APP_CC and DEFAULT_CC 8 years ago
lang.c Eliminate APP_CC and DEFAULT_CC 8 years ago
rdp-scan-codes.txt More spelling fixes found by codespell and aspell 9 years ago
sans-10.fv1 Drop exec permission of non executable files 9 years ago
xrdp.c int function should return 8 years ago
xrdp.h xrdp: exit main process with failure status if listen failed (daemon mode) 8 years ago
xrdp.ini Allocate space for tls_ciphers dynamically 8 years ago
xrdp24b.bmp improve login graphics 16 years ago
xrdp256.bmp Drop exec permission of non executable files 9 years ago
xrdp_bitmap.c Eliminate APP_CC and DEFAULT_CC 8 years ago
xrdp_cache.c Eliminate APP_CC and DEFAULT_CC 8 years ago
xrdp_encoder.c Constify MCS connectionType 8 years ago
xrdp_encoder.h Eliminate APP_CC and DEFAULT_CC 8 years ago
xrdp_font.c Eliminate APP_CC and DEFAULT_CC 8 years ago
xrdp_keyboard.ini add Spanish keylayout 8 years ago
xrdp_listen.c Allow UDS connection from non-root users 8 years ago
xrdp_login_wnd.c Eliminate APP_CC and DEFAULT_CC 8 years ago
xrdp_logo.bmp made login screen fully customizable 11 years ago
xrdp_mm.c Fix Xvnc backend disconnects when some data copied to clipboard 8 years ago
xrdp_painter.c Eliminate APP_CC and DEFAULT_CC 8 years ago
xrdp_process.c Eliminate APP_CC and DEFAULT_CC 8 years ago
xrdp_region.c Eliminate APP_CC and DEFAULT_CC 8 years ago
xrdp_types.h add session_info 8 years ago
xrdp_wm.c Pick up the first section if given section(domain) doesn't match anything 8 years ago
xrdpwin.c Eliminate APP_CC and DEFAULT_CC 8 years ago