touch-packages team mailing list archive

Thread
Date

[Bug 1390808] Re: VNC / XDMCP server cannot be configured to listen on specific interfaces

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Robert Ancell <robert.ancell@xxxxxxxxxxxxx>
Date: Thu, 13 Nov 2014 01:47:16 -0000
Reply-to: Bug 1390808 <1390808@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Description changed:

- There doesn't seem to be any obvious way to force LightDM's VNC server
- to listen on only specified interfaces, most notably localhost. This
- creates a security issue, as the best and most secure way to access a
- VNC server is through an SSH tunnel where the client will only connect
- to its localhost on a particular port having all connections through the
- tunnel to the server's localhost port.
+ [Impact]
+ The XDMCP and VNC servers in LightDM allow connections on any network interface. It is desirable for these to be limited to a particular interface to limit who can connect (i.e. only allow local connections on 127.0.0.1).
  
- If there is a proper way to do this or some sort of work-around, I would
- be very interested in how to do so. As of right now, this makes
- LightDM's VNC server unusable for me.
+ [Test Case]
+ 1. Enable the VNC server in LightDM in lightdm.conf:
+ [VNCServer]
+ enabled=true
+ listen-address=127.0.0.1
+ 2. Start LightDM
+ With this setup you should only be able to make a local connection.
+ 
+ [Regression potential]
+ Low. If the option is not set LightDM has the old behaviour.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1390808

Title:
  VNC / XDMCP server cannot be configured to listen on specific
  interfaces

Status in Light Display Manager:
  In Progress
Status in Light Display Manager 1.10 series:
  In Progress
Status in Light Display Manager 1.12 series:
  In Progress
Status in Light Display Manager 1.2 series:
  In Progress
Status in “lightdm” package in Ubuntu:
  Triaged
Status in “lightdm” source package in Precise:
  Triaged
Status in “lightdm” source package in Trusty:
  Triaged
Status in “lightdm” source package in Utopic:
  Triaged
Status in “lightdm” source package in Vivid:
  Triaged

Bug description:
  [Impact]
  The XDMCP and VNC servers in LightDM allow connections on any network interface. It is desirable for these to be limited to a particular interface to limit who can connect (i.e. only allow local connections on 127.0.0.1).

  [Test Case]
  1. Enable the VNC server in LightDM in lightdm.conf:
  [VNCServer]
  enabled=true
  listen-address=127.0.0.1
  2. Start LightDM
  With this setup you should only be able to make a local connection.

  [Regression potential]
  Low. If the option is not set LightDM has the old behaviour.

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1390808/+subscriptions