X2Go Bug report logs - #1465
Allow running with restricted shell (rbash), or limit applications that can be run.


Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Vladislav Kurz <vladislav.kurz@webstep.net>

Date: Wed, 22 Apr 2020 16:25:01 UTC

Severity: wishlist



X-Loop: owner@bugs.x2go.org
Subject: Bug#1465: [X2Go-Dev] Bug#1465: Bug#1465: Allow running with restricted shell (rbash), or limit applications that can be run.
Reply-To: uli42@gmx.de, 1465@bugs.x2go.org
Resent-From: Ulrich Sibiller <ulrich.sibiller@gmail.com>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Mon, 04 May 2020 12:10:01 +0000
Resent-Message-ID: <handler.1465.B1465.158859402230245@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 1465
X-X2Go-PR-Package: x2goserver
References: <b0f7f18d-b027-712a-9fec-5b91773d13c0@baur-itcs.de> <2807081.Gr0nKVqjWH@hex> <1902964.pRvSqubr2C@hex> <73e4e27f-a592-5730-2781-f0f80403bdd7@baur-itcs.de> <2807081.Gr0nKVqjWH@hex>
In-Reply-To: <73e4e27f-a592-5730-2781-f0f80403bdd7@baur-itcs.de>
From: Ulrich Sibiller <ulrich.sibiller@gmail.com>
Date: Mon, 4 May 2020 14:06:31 +0200
Message-ID: <CANVnVYKUiCR3T9BeYBvNR5ZO7vt7FuXiH=m0J=Z0FSaepu5+Zg@mail.gmail.com>
To: Stefan Baur <X2Go-ML-1@baur-itcs.de>, 1465@bugs.x2go.org
Content-Type: text/plain; charset="UTF-8"
On Mon, May 4, 2020 at 1:15 PM Stefan Baur <X2Go-ML-1@baur-itcs.de> wrote:
> You need to realize the truth: What a user can see (as in "access"),
> they can copy.

Well, I basically agree with what you wrote. But the OP was mentioning
he just wants to provide _one_ single published application.

Now let us assume some pre-conditions:
- the application is unable to display the data you want to protect.
If not, all the ways you mocked up above could be used and the
approach will not work
- the application cannot start other apps like an xterm or a shell on
user request
- there's only ssh access
- the x2go scripts are sane and secure

Then all we'd need was
- a restricted ssh-key that only allows for the commands that are
required for the x2go session handling
- ensuring the x2go session handling will only start that single
application and no other user specified command.

The user then can still configure arbitrary sessions but they will
either always fail or ignore the user's command and run the one
application in question. We could also provide a server side setting
that only allows published application connects.

It will not work out of the box but I am pretty sure it could be implemented.

Also, IIRC Mihai added an explicit bash call into certain commands to
make it work for users with a different login shell. And obviously the
original rbash instructions worked before. So you could also try to
set that up and do some research where to remove the explicit bash
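The "restricted ssh-key" half of the proposal above, written out as an added example (my own sketch, not X2Go project code): an authorized_keys forced-command wrapper that refuses an interactive shell and only dispatches commands whose first word is in an allow-list of x2goserver session-handling commands. The allow-list, the installed path and the permitted argument characters are assumptions that would have to be checked against the commands a real x2goclient actually sends (the wrapper's refusal log is a simple way to find out).

```shell
#!/bin/sh
# Hypothetical forced-command wrapper for an X2Go-only SSH key.
# Install as /usr/local/lib/x2go-forced-cmd (assumed path) and reference it from
# ~/.ssh/authorized_keys, with "restrict" to also drop forwarding, pty and agent:
#   restrict,command="/usr/local/lib/x2go-forced-cmd" ssh-ed25519 AAAA... x2go-client
#
# Assumed allow-list of x2goserver commands a client session needs.
X2GO_ALLOWED="x2gostartagent x2goresume-session x2gosuspend-session
x2goterminate-session x2golistsessions x2golistdesktops x2gogetapps
x2gogetservers x2gofeature x2goversion x2gocmdexitmessage x2gosetkeyboard
x2gomountdirs x2goumount-session"

# Characters we are willing to pass on as arguments (assumed; no shell metacharacters,
# so the line can never chain, redirect or substitute a second command).
X2GO_ARGCHARS='A-Za-z0-9 _./:=,+@%-'

# x2go_cmd_allowed CMDLINE
# Returns 0 if CMDLINE is non-empty, consists only of X2GO_ARGCHARS and starts with an
# allow-listed command word; returns 1 otherwise (including for an empty command, which
# is what an interactive-shell request looks like to a forced command).
x2go_cmd_allowed() {
    cmdline=$1
    [ -n "$cmdline" ] || return 1
    # tr -cd deletes every byte outside the set; any difference means a forbidden byte
    # (newlines included, since they are not in the set).
    cleaned=$(printf '%s' "$cmdline" | LC_ALL=C tr -cd "$X2GO_ARGCHARS")
    [ "$cleaned" = "$cmdline" ] || return 1
    first=${cmdline%% *}
    for allowed in $X2GO_ALLOWED; do
        [ "$first" = "$allowed" ] && return 0
    done
    return 1
}

# Dispatch only when sshd is actually running us as a forced command.
if [ -n "${SSH_CONNECTION:-}" ]; then
    if x2go_cmd_allowed "${SSH_ORIGINAL_COMMAND:-}"; then
        set -f                        # no globbing while word-splitting the command
        set -- $SSH_ORIGINAL_COMMAND
        exec "$@"                     # exec directly, never through "sh -c"
    else
        logger -t x2go-forced-cmd "refused command from $SSH_CONNECTION: ${SSH_ORIGINAL_COMMAND:-<none>}"
        echo "command not permitted" >&2
        exit 127
    fi
fi
```

Limiting the session to one published application (the second half of the proposal) is not covered by this wrapper; it only guarantees that nothing outside the x2goserver command set can be started over that key.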




X2Go Developers <owner@bugs.x2go.org>. Last modified: Tue Jun 22 16:54:38 2021; Machine Name: ymir.das-netzwerkteam.de
