X2Go Bug report logs - #1133
Inconsistent Perl used by server or its agent on connect

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Ted Toal <twtoal@ucdavis.edu>

Date: Tue, 10 Jan 2017 21:20:02 UTC

Severity: normal

Tags: not-a-bug

Found in version 4.0.1.20

Done: Stefan Baur <X2Go-ML-1@baur-itcs.de>

Bug is archived. No further changes may be made.

Full log


Message #40 received at 1133@bugs.x2go.org (full text, mbox, reply):

Received: (at 1133) by bugs.x2go.org; 11 Jan 2017 08:58:45 +0000
From ionic@ionic.de  Wed Jan 11 09:58:38 2017
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.0 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from localhost (localhost [127.0.0.1])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 775B03CDDD
	for <1133@bugs.x2go.org>; Wed, 11 Jan 2017 09:58:38 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de
Received: from ymir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id r1lWg3BtUqzr for <1133@bugs.x2go.org>;
	Wed, 11 Jan 2017 09:58:15 +0100 (CET)
Received: from Root24.de (powered.by.root24.eu [5.135.3.88])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 3CD005DA91
	for <1133@bugs.x2go.org>; Wed, 11 Jan 2017 09:58:13 +0100 (CET)
Received: from nopileos.local (178.162.222.41.adsl.inet-telecom.org [178.162.222.41])
	by mail.ionic.de (Postfix) with ESMTPSA id 879BE4F00643;
	Wed, 11 Jan 2017 09:58:11 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ionic.de; s=default;
	t=1484125092; bh=+oJ1HHx18tXkZv5WR2/LJpmqe0MpKYVrIVY5c97jZ+Y=;
	h=Subject:To:References:From:Date:In-Reply-To:From;
	b=YA0kJg5ux4tCV+DKo0aDuCGFv9i271InO93wVxhDqbEeuBlAwu4QrbSm5+kUWdDZk
	 +MGEYOiWYs6qry0oGYCNylRcQXPdDwwIOpF5E74r1UN9KcfHN3H3m4GoYtdl8USbOG
	 of2Jh7BCmHv5eQCJMpjQKbPf1s379mFpxhefagoU=
Subject: Re: [X2Go-Dev] Inconsistent Perl used by server or its agent on
 connect
To: Ted Toal <twtoal@ucdavis.edu>, 1133@bugs.x2go.org
References: <BF57B030-7BF4-4307-9333-49782AB84D74@ucdavis.edu>
 <7a1f025f-6a4f-9c6a-ffe6-4d18a712da86@baur-itcs.de>
 <E4861E92-0216-40D2-91E6-A6A693F5E30B@ucdavis.edu>
 <836dd91e-6bc3-35e1-3759-e66b55715b1b@baur-itcs.de>
 <35BC44E5-C0D7-4B77-A09E-FBD00AD5193E@ucdavis.edu>
From: Mihai Moldovan <ionic@ionic.de>
Message-ID: <8a78c5fb-56db-a260-705f-6b2b0671d9c6@ionic.de>
Date: Wed, 11 Jan 2017 09:58:09 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:45.0)
 Gecko/20100101 Thunderbird/45.6.0
MIME-Version: 1.0
In-Reply-To: <35BC44E5-C0D7-4B77-A09E-FBD00AD5193E@ucdavis.edu>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="mtlSJVIkXdQ3udVD5HTBL1oUSqGCaIg7F"
[Message part 1 (text/plain, inline)]
Control: reassign -1 x2goserver 4.0.1.20

On 11.01.2017 02:48 AM, Ted Toal wrote:
> perl has the -l option for specifying the PERL5LIB path.  That option can, and I think should, be used on the shebang of the x2go perl scripts:
> 
> #!/usr/bin/perl -l /usr/lib/perl5
> 
> or something like that.  I know the shebang line allows args.

If you explicitly break your setup by defining random variables in shell startup
scripts, you'll have to handle the outcome.

Following the same line of original reasoning, users COULD potentially replace
/usr/bin/perl with /bin/false. It's unreasonable to expect stuff to check
whether /usr/bin/perl actually is a Perl interpreter.


In your case, the proper workaround would be to change the perl hashbangs to
"#!/usr/bin/env perl" instead, so that the first matching perl binary in $PATH
is used. I won't change that in x2goserver, though, as we have literally no idea
what users do to their PATH variable (and shouldn't assume.) Note, that this may
still not work, as I vaguely remember at least X2Go Client to export a sane PATH
value before executing any command remotely, though.

If anything, we could explicitly unset PERL5LIB in the client application for
additional sanitation. Would that make sense?



Mihai

[signature.asc (application/pgp-signature, attachment)]

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Sat Nov 23 21:14:37 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.