From ionic@ionic.de Wed Jan 11 09:58:38 2017 Received: (at 1133) by bugs.x2go.org; 11 Jan 2017 08:58:45 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 775B03CDDD for <1133@bugs.x2go.org>; Wed, 11 Jan 2017 09:58:38 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r1lWg3BtUqzr for <1133@bugs.x2go.org>; Wed, 11 Jan 2017 09:58:15 +0100 (CET) Received: from Root24.de (powered.by.root24.eu [5.135.3.88]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 3CD005DA91 for <1133@bugs.x2go.org>; Wed, 11 Jan 2017 09:58:13 +0100 (CET) Received: from nopileos.local (178.162.222.41.adsl.inet-telecom.org [178.162.222.41]) by mail.ionic.de (Postfix) with ESMTPSA id 879BE4F00643; Wed, 11 Jan 2017 09:58:11 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ionic.de; s=default; t=1484125092; bh=+oJ1HHx18tXkZv5WR2/LJpmqe0MpKYVrIVY5c97jZ+Y=; h=Subject:To:References:From:Date:In-Reply-To:From; b=YA0kJg5ux4tCV+DKo0aDuCGFv9i271InO93wVxhDqbEeuBlAwu4QrbSm5+kUWdDZk +MGEYOiWYs6qry0oGYCNylRcQXPdDwwIOpF5E74r1UN9KcfHN3H3m4GoYtdl8USbOG of2Jh7BCmHv5eQCJMpjQKbPf1s379mFpxhefagoU= Subject: Re: [X2Go-Dev] Inconsistent Perl used by server or its agent on connect To: Ted Toal , 1133@bugs.x2go.org References: <7a1f025f-6a4f-9c6a-ffe6-4d18a712da86@baur-itcs.de> <836dd91e-6bc3-35e1-3759-e66b55715b1b@baur-itcs.de> <35BC44E5-C0D7-4B77-A09E-FBD00AD5193E@ucdavis.edu> From: Mihai Moldovan Message-ID: <8a78c5fb-56db-a260-705f-6b2b0671d9c6@ionic.de> Date: Wed, 11 Jan 2017 09:58:09 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:45.0) Gecko/20100101 Thunderbird/45.6.0 MIME-Version: 1.0 In-Reply-To: <35BC44E5-C0D7-4B77-A09E-FBD00AD5193E@ucdavis.edu> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="mtlSJVIkXdQ3udVD5HTBL1oUSqGCaIg7F" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --mtlSJVIkXdQ3udVD5HTBL1oUSqGCaIg7F Content-Type: multipart/mixed; boundary="d0dShORUTCftk7GvBWGFPjcmfLvkJQIQb"; protected-headers="v1" From: Mihai Moldovan To: Ted Toal , 1133@bugs.x2go.org Message-ID: <8a78c5fb-56db-a260-705f-6b2b0671d9c6@ionic.de> Subject: Re: [X2Go-Dev] Inconsistent Perl used by server or its agent on connect References: <7a1f025f-6a4f-9c6a-ffe6-4d18a712da86@baur-itcs.de> <836dd91e-6bc3-35e1-3759-e66b55715b1b@baur-itcs.de> <35BC44E5-C0D7-4B77-A09E-FBD00AD5193E@ucdavis.edu> In-Reply-To: <35BC44E5-C0D7-4B77-A09E-FBD00AD5193E@ucdavis.edu> --d0dShORUTCftk7GvBWGFPjcmfLvkJQIQb Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Control: reassign -1 x2goserver 4.0.1.20 On 11.01.2017 02:48 AM, Ted Toal wrote: > perl has the -l option for specifying the PERL5LIB path. That option c= an, and I think should, be used on the shebang of the x2go perl scripts: >=20 > #!/usr/bin/perl -l /usr/lib/perl5 >=20 > or something like that. I know the shebang line allows args. If you explicitly break your setup by defining random variables in shell = startup scripts, you'll have to handle the outcome. Following the same line of original reasoning, users COULD potentially re= place /usr/bin/perl with /bin/false. It's unreasonable to expect stuff to check= whether /usr/bin/perl actually is a Perl interpreter. In your case, the proper workaround would be to change the perl hashbangs= to "#!/usr/bin/env perl" instead, so that the first matching perl binary in = $PATH is used. I won't change that in x2goserver, though, as we have literally = no idea what users do to their PATH variable (and shouldn't assume.) Note, that t= his may still not work, as I vaguely remember at least X2Go Client to export a sa= ne PATH value before executing any command remotely, though. If anything, we could explicitly unset PERL5LIB in the client application= for additional sanitation. Would that make sense? Mihai --d0dShORUTCftk7GvBWGFPjcmfLvkJQIQb-- --mtlSJVIkXdQ3udVD5HTBL1oUSqGCaIg7F Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCgAGBQJYdfOhAAoJEB/WLtluJTqHxkkQAMalKNODou6Z6VUHrhbS4KB3 Aacssmgw/sMFnfLxQuSGR9mIrzWX+4BsG6rJSsN+lrO7N4ysnfprqADd4JpcgkM6 YWNxH8mzgdcaQMkUK2qx57YOrjajSkQz/h5oM0p0UaXGiqo7gVf2aeSnDL1V11Q2 unafXT34zZjT7QbpXVTpwehmWxah0qFMF925fvySKYY0yO4+SpYN032Tlg1newoM FB4l+ojf5UhCWj2nM0DHu/W0cjQrXI53tb3uyTx1xWJREgeEYPt3Lsoe+1djyq+f iNrAQ8zuryLDWuvpKvJGzBj0pvxS4pTeFbS6CI6HKklxSpz3k9v9aYK8QBYJx8Ox fCVrHz0ugjz6/s+r5XjVFcs9FrJZjQX25O12ojUcLeUnM2RN6RsY7cn8FpqCdvoU NvaS92x1jA0c6X5lRYiYKyePJF2USr5FBMCsqhgwBqkVhq7B0otyjpgNo2nzkJEs 66tuz5MjzO4bJR68F8nhAtYuUJh9I4irSDALqbvSFttAYjDLyHJRlq4yMEQnD73p PHCfx8n5DjxvMoXHdO0KsUEWCfZhLZKfYu6daydA1bTdhJ9S8hampZAHSzcIJguq bJAJea5z9G1XhQ2zcglxWPRRhc2Q7r76iPPH/kmB6N4wdQUpHW5O0zw8Jav4ziTj 5TxicCE5h8qRQeN7SCnI =/0DL -----END PGP SIGNATURE----- --mtlSJVIkXdQ3udVD5HTBL1oUSqGCaIg7F--