clone #334 -1 reassign #334 python-x2go thanks Hi all, On Di 29 Okt 2013 13:41:06 CET, Mike Gabriel wrote: > Package: x2goclient > Severity: important > > In X2Go it is currently possible to replace every command in X2Go > Server by a command of the same name in ~/bin. > > An attacker could use this to infiltrate X2Go Client with arbitrary data. > > IMHO, we should make sure, X2Go Client only uses system-wide paths > when evoking commands on X2Go Servers. > > This, of course, will boycott installing X2Go Server into ~ > space, but actually, I prefer a safe setup to such custom > installation tweaks. > > Feedback?!? > > Mike This issue also applies to Python X2Go. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb