Hi Dan,

On Tue 29 Oct 2013 13:59:30 CET, Dan Halbert wrote:

> Hi Mike, this fix to authenticate the commands is good. I didn't
> realize I was uncovering a security problem.
>
> One question: the underlying crash was due to bad data. If
> authenticated but still bad data is sent, will the client still
> crash? I am thinking about a malicious server crafting something to
> crash the client or have it do something bad. I looked at the code
> diff and I didn't see some underlying verification of the x2go
> commands.
>
> E.g.:
> X2GODATABEGIN:
> bad data here
> X2GODATAEND:

I would indeed call this work in progress. See #334 for the "bad data here" location you address above.

We surely need a means to ensure that the data sent over the wire is sane. An idea could be to encrypt/decrypt the data asymmetrically. Maybe something else... Hmmm...

I don't think that evaluating the data in itself (via regexp e.g.) will lead to good results. We should invent a method that is common to all sorts of text data and makes sure that the data is for the client that requested it.

On the other hand... If you cannot trust your admin, who can you trust???

Any contribution of ideas is welcome.

Mike

-- 
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb