search

neutrinolabs / xorgxrdp

Xorg drivers for xrdp
Other
457 stars 113 forks source link

StartWM.sh crashes and yields root access? #188

Closed altimmons closed 3 years ago

altimmons commented 3 years ago

I had a black screen, like many reported, but was playing with this a bit.

I was able to get root access from a non-priv. user logging in.

Platform is hyperV, OS is PopOS 2010, base Ubuntu 2010 (maybe its 20.04).

This is (obviously) a VM, it was locked, opened it to login screen, did not login, opened enhanced session,
This crashes. I am still exploring that issue... which is likely related. I try to open a terminal, XWindow does not show one, but an open window is reported to HyperV. Close enhanced mode and go back toVM bus, now I am past LightDM Then I run "startWM.sh" this crashes, then I return to the shell as root. This...despite the fact there's noting remotely interesting in there. (however it does reproduce my issue with hyperV enhanced session)

I need to explore this more. May be a one off. etc. Cant do much more at the moment as I have more pressing stuff, but thought Id share as a reminder to come back later and check it out if I have the time.

altimmons commented 3 years ago

I ran StartWM.sh because I am hoping to pin down why Enhanced access isnt working in Windows HyperV. HyperV has the annoying trait of disabling other virtualization if you want to use Docker and WSL. But simultaneously restricts you to a 1024 resolution which is unusable as a desktop environment. Its flat out moronic.

This belongs in https://github.com/microsoft/linux-vm-tools but since its locked and I cant see anyone who has carried the torch, I put it here for now. I may have to work on this more down the road. Id be interested to know to what degree the regulars here are invested in that project? What the general consensus is towards that is. Is that a primary use case for this, or is that a duck tape and bubble gum application of this proj?

matt335672 commented 3 years ago

@altimmons - a couple of things for you

I hope that's useful.

I'm going to close this issue, primarily as I don't think we should be picking up the can for supporting discussions around the linux-vm-tools. As I hope I've explained we're not in any position to do this as an upstream project.

altimmons commented 3 years ago

Yes, I think I’ve tracked down the issue elsewhere. Though not definitively. Don’t know exactly. It was reproduced in that Vm. But not in other similar vms at all. So it’s probably something I’ve done. I am not going to look at it further.

On Mar 29, 2021, at 9:31 AM, matt335672 @.***> wrote:

 @altimmons - a couple of things for you

xrdp, in common with many Github projects has a security policy. Ours is here. Reporting security issues should never be done on a public forum like this. startwm.sh is just a shell script, called as the logged-in user. It's not privileged at all. If you're running it and ending up with a root shell, it's either because you started with one, or something in the script is doing something setuid-like. The file we deliver is here. It's very simple. This is not the same as the file delivered with Ubuntu, as they replace it with their own. as a project we have no integration with LightDM. See (e.g.) neutrinolabs/xrdp#486. I don't understand where this comes in to your description. We were not informed by MS that https://github.com/microsoft/linux-vm-tools was being locked. I think looking at that page, it's clear that this is no longer a direction they wish their users to go in, as perhaps unsurprisingly they want to get GUI integration into WSL2. I hope that's useful.

I'm going to close this issue, primarily as I don't think we should be picking up the can for supporting discussions around the linux-vm-tools. As I hope I've explained we're not in any position to do this as an upstream project.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.