X2Go Bug report logs - #1465
Allow running with restricted shell (rbash), or limit applications that can be run.

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Vladislav Kurz <vladislav.kurz@webstep.net>

Date: Wed, 22 Apr 2020 16:25:01 UTC

Severity: wishlist

Found in version 4.1.0.3-0~1708~ubuntu16.04.1

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#1465: [X2Go-Dev] Bug#1465: Bug#1465: Bug#1465: Bug#1465: Allow running with restricted shell (rbash), or limit applications that can be run.
Reply-To: Vladislav Kurz <vladislav.kurz@webstep.net>, 1465@bugs.x2go.org
Resent-From: Vladislav Kurz <vladislav.kurz@webstep.net>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Mon, 04 May 2020 15:55:02 +0000
Resent-Message-ID: <handler.1465.B1465.158860741431424@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 1465
X-X2Go-PR-Package: x2goserver
X-X2Go-PR-Keywords: 
References: <b0f7f18d-b027-712a-9fec-5b91773d13c0@baur-itcs.de> <2807081.Gr0nKVqjWH@hex> <CANVnVYK8A97S=LswgoH63qkJrx_L+--9JweUTXDXMDBJpbquZg@mail.gmail.com> <2807081.Gr0nKVqjWH@hex>
Received: via spool by 1465-submit@bugs.x2go.org id=B1465.158860741431424
          (code B ref 1465); Mon, 04 May 2020 15:55:02 +0000
Received: (at 1465) by bugs.x2go.org; 4 May 2020 15:50:14 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.0 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham
	autolearn_force=no version=3.4.2
Received: from mail.webstep.net (mail.webstep.net [195.201.172.199])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 880B25DAC1
	for <1465@bugs.x2go.org>; Mon,  4 May 2020 17:50:12 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=webstep.net
	; s=dkim; h=Content-Type:Content-Transfer-Encoding:MIME-Version:References:
	In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID:
	Content-Description; bh=BsuYsWtJJAr3PDm3h71bauAQi4f7OvLJFLuASPSXbfA=; b=UGzUr
	EHW9v2xHoPGGL3eBHDsGuD7IAzvH74CXmyKc0FJPDs820VDhfo0DIF5nT0jbj4NzMyP+WEfjfErQb
	P0lO7jSWyyPjeIOcotUiGofFfELSRbj+Rpzvl7KSI9vldoO9plix97TbnchjzAEcYao8DDgblWwBX
	8SF+6sRDpYWQ=;
Received: from ip-89-102-32-92.net.upcbroadband.cz ([89.102.32.92]:60444 helo=hex.localnet)
	by mail.webstep.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.89)
	(envelope-from <vladislav.kurz@webstep.net>)
	id 1jVdMC-0005RT-9y
	for 1465@bugs.x2go.org; Mon, 04 May 2020 17:50:12 +0200
From: Vladislav Kurz <vladislav.kurz@webstep.net>
To: 1465@bugs.x2go.org
Date: Mon, 04 May 2020 17:50:11 +0200
Message-ID: <9811238.m7vEv2RkKi@hex>
User-Agent: KMail/5.2.3 (Linux/4.9.0-12-amd64; KDE/5.28.0; x86_64; ; )
In-Reply-To: <CANVnVYK8A97S=LswgoH63qkJrx_L+--9JweUTXDXMDBJpbquZg@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
Dne pondělí 4. května 2020 16:36:53 CEST, Ulrich Sibiller napsal(a):
> > Given that bash is enforced there for a reason, it doesn't sound like a
> > good idea to replace it with something else.
> 
> I have done some research. The reason is that before the scripts used
> /bin/sh which is unspecific and might point to other shells. As the
> scripts seem to use one or the other bashism this is problematic.

The proper way then is to put #! /bin/bash into the script that requires it. 
Not to invoke it using "bash script"

Vladislav Kurz

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Aug 13 11:19:36 2020; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.