From vladislav.kurz@webstep.net Mon May 4 17:50:13 2020 Received: (at 1465) by bugs.x2go.org; 4 May 2020 15:50:14 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail.webstep.net (mail.webstep.net [195.201.172.199]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 880B25DAC1 for <1465@bugs.x2go.org>; Mon, 4 May 2020 17:50:12 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=webstep.net ; s=dkim; h=Content-Type:Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID: Content-Description; bh=BsuYsWtJJAr3PDm3h71bauAQi4f7OvLJFLuASPSXbfA=; b=UGzUr EHW9v2xHoPGGL3eBHDsGuD7IAzvH74CXmyKc0FJPDs820VDhfo0DIF5nT0jbj4NzMyP+WEfjfErQb P0lO7jSWyyPjeIOcotUiGofFfELSRbj+Rpzvl7KSI9vldoO9plix97TbnchjzAEcYao8DDgblWwBX 8SF+6sRDpYWQ=; Received: from ip-89-102-32-92.net.upcbroadband.cz ([89.102.32.92]:60444 helo=hex.localnet) by mail.webstep.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1jVdMC-0005RT-9y for 1465@bugs.x2go.org; Mon, 04 May 2020 17:50:12 +0200 From: Vladislav Kurz To: 1465@bugs.x2go.org Subject: Re: [X2Go-Dev] Bug#1465: Bug#1465: Bug#1465: Bug#1465: Allow running with restricted shell (rbash), or limit applications that can be run. Date: Mon, 04 May 2020 17:50:11 +0200 Message-ID: <9811238.m7vEv2RkKi@hex> User-Agent: KMail/5.2.3 (Linux/4.9.0-12-amd64; KDE/5.28.0; x86_64; ; ) In-Reply-To: References: <2807081.Gr0nKVqjWH@hex> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" Dne pond=C4=9Bl=C3=AD 4. kv=C4=9Btna 2020 16:36:53 CEST, Ulrich Sibiller na= psal(a): > > Given that bash is enforced there for a reason, it doesn't sound like a > > good idea to replace it with something else. >=20 > I have done some research. The reason is that before the scripts used > /bin/sh which is unspecific and might point to other shells. As the > scripts seem to use one or the other bashism this is problematic. The proper way then is to put #! /bin/bash into the script that requires it= =2E=20 Not to invoke it using "bash script" Vladislav Kurz