From nable.maininbox@googlemail.com  Fri May 10 11:13:07 2013
Received: (at 200) by bugs.x2go.org; 10 May 2013 09:13:07 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 required=5.0 tests=FREEMAIL_FROM,
	RCVD_IN_DNSWL_LOW,T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44])
	by ymir (Postfix) with ESMTPS id 4D1F25DB21
	for <200@bugs.x2go.org>; Fri, 10 May 2013 11:13:07 +0200 (CEST)
Received: by mail-bk0-f44.google.com with SMTP id jk13so1896396bkc.17
        for <200@bugs.x2go.org>; Fri, 10 May 2013 02:13:07 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.204.197.80 with SMTP id ej16mr4116541bkb.84.1368177186946;
 Fri, 10 May 2013 02:13:06 -0700 (PDT)
Received: by 10.204.170.208 with HTTP; Fri, 10 May 2013 02:13:06 -0700 (PDT)
In-Reply-To: <zarafa.518960b5.788b.1dd4eb15579cf6fc@mozart.netitwork.de>
References: <CALxOYEbd4KezdT24YHYQmm4DTXyO31mvM3uER0M8SD4seepePw@mail.gmail.com>
	<zarafa.518960b5.788b.1dd4eb15579cf6fc@mozart.netitwork.de>
Date: Fri, 10 May 2013 13:13:06 +0400
Message-ID: <CALxOYEYw+usF3jUdiR1sopFUZVuxUanpyuRAVfKD77qK6K8XOQ@mail.gmail.com>
Subject: Re: [X2Go-Dev] Bug#200: Bug#200: When user-directories do not exist,
 saving sqlpass with x2godbadmin is not possible
From: Nable 80 <nable.maininbox@googlemail.com>
To: Michael Kromer <michael.kromer@netitwork.net>
Cc: "200@bugs.x2go.org" <200@bugs.x2go.org>, 
	"x2go-dev@lists.berlios.de" <x2go-dev@lists.berlios.de>
Content-Type: text/plain; charset=ISO-8859-1

I've thought a bit and finally I can write some ideas.

> Well, I don't mind fixing this to be safe with special chars ... ;) I however really doubt administrators to set homedirs to something with spaces or special chars.
1.1. I was always taught that programs must be secure by design. At
least one should do his best trying to achieve it.
In this exact case it seems that it's not hard to make the system() call
more secure: see
http://stackoverflow.com/questions/619926/should-i-escape-shell-arguments-in-perl
as an example.
Tl;dr: One should use `system $cmd, @args' rather than `system "$cmd @args"'.
1.2. I don't have pam_mkhomedir in my setups. But for those who have
it, it may be better to do something like `su - $username -c /bin/true' to
create a good homedir with skeleton files instead of an empty one,
although I'm not sure that it works, see
https://bugzilla.redhat.com/show_bug.cgi?id=77791 for example.
1.3. +1 to Stefan for domain setups. I even have one. Oh, this thread
gives me the idea that I should also add pam_mkhomedir to it.

> Ideas?
2. Something like this (sorry, I'm not ready to provide a patch at the
moment, so just pseudoperl):
if (! -d $dir) {
    # Try pam_mkhomedir way
    # is using /bin/pwd better?
    open my $output, "-|", "su", ("-", $name, "-c", "pwd");
    # sorry, I don't remember the way to read full line w/o `while'
    while (<$output>) {
        chomp;
        if ($_ ne $dir) { # Failed? Use force.
            # is using /bin/mkdir better?
            system "mkdir", ("-p", "$dir/.x2go");
            print "Here we should show some HUGE warning";
        }
        last; # only the first line of output is needed
    }
    close $output;
}
if (! -d "$dir/.x2go") {
    mkdir("$dir/.x2go");
}
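
The difference between the two system() forms from point 1.1, as an added example that is not part of the original message or of the x2godbadmin code. The directory name, the scratch directories and the helper names entries and run_in_scratch are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed sample: a home directory name containing a space and a ';'.
my $dir = "a b;mkdir -p marker";

# List the names directly below a directory.
sub entries {
    my ($path) = @_;
    opendir(my $dh, $path) or die "opendir $path: $!";
    my @names = sort grep { !/^\.\.?$/ } readdir $dh;
    closedir $dh;
    return @names;
}

# Run $code inside a fresh scratch directory and return what it created there.
sub run_in_scratch {
    my ($code) = @_;
    my $scratch = tempdir(CLEANUP => 1);
    chdir $scratch or die "chdir $scratch: $!";
    $code->();
    my @created = entries($scratch);
    chdir "/" or die "chdir /: $!";    # leave the scratch dir before cleanup
    return @created;
}

# String form: a single argument with metacharacters is handed to /bin/sh,
# which splits on the space and treats ';' as a command separator.
my @string_form = run_in_scratch(sub { system("mkdir -p $dir/.x2go") });

# List form: no shell is involved; the path reaches mkdir as one argument.
# "--" ends option parsing in case the name starts with '-'.
my @list_form = run_in_scratch(sub {
    system("mkdir", "-p", "--", "$dir/.x2go") == 0
        or die "mkdir failed: $?";
});

print "string form created: ", join(", ", map { "'$_'" } @string_form), "\n";
print "list form created:   ", join(", ", map { "'$_'" } @list_form), "\n";
```

With the string form the shell creates three separate directories from the one name, because the text after the ';' runs as its own command; with the list form exactly one directory with the literal name is created.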

