X2Go Bug report logs - #200
When user-directories do not exist, saving sqlpass with x2godbadmin is not possible

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Michael Kromer <michael.kromer@netitwork.net>

Date: Tue, 7 May 2013 09:48:01 UTC

Severity: normal

Tags: pending

Found in version 4.0.0.1

Fixed in version 4.0.0.2

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log


Message #25 received at 200@bugs.x2go.org (full text, mbox, reply):

Received: (at 200) by bugs.x2go.org; 10 May 2013 09:13:07 +0000
From nable.maininbox@googlemail.com  Fri May 10 11:13:07 2013
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 required=5.0 tests=FREEMAIL_FROM,
	RCVD_IN_DNSWL_LOW,T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44])
	by ymir (Postfix) with ESMTPS id 4D1F25DB21
	for <200@bugs.x2go.org>; Fri, 10 May 2013 11:13:07 +0200 (CEST)
Received: by mail-bk0-f44.google.com with SMTP id jk13so1896396bkc.17
        for <200@bugs.x2go.org>; Fri, 10 May 2013 02:13:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20120113;
        h=mime-version:x-received:in-reply-to:references:date:message-id
         :subject:from:to:cc:content-type;
        bh=OKRpUmN26UmY5egPSCOkcxDtpbJofUs+xk4lvkhxNDY=;
        b=HCNqXZZtZEH+0fg9lWvZ/YcoluiM4ZGFBnNgpI1kUtV3QOu1URUtSMRCcCwUp/SW+W
         89H+A5v04eLpxI1s79hRYwCgH7n7xAdT70rU85mpqRtfjm34e//XUCaglXfIbV7UTENC
         GMyYJWRipOAPi96sBYjFKJyuntdrsq1GjZ2LryqPl3GfJscBe/tSPKGxOHnXMxWgkZvm
         lTcP6xv0xkpL7ESZGOkL2vFZYae11Gdwbrdce3CRzTFyKihBYaedKJZA/QsNaeYWRG+Z
         qAv1tO4smOlB2pe1PZhVZcaMG9GQB0f2QJGZQHCSBzm81C59vqv/An/nRqr49GEYjZCH
         sbWw==
MIME-Version: 1.0
X-Received: by 10.204.197.80 with SMTP id ej16mr4116541bkb.84.1368177186946;
 Fri, 10 May 2013 02:13:06 -0700 (PDT)
Received: by 10.204.170.208 with HTTP; Fri, 10 May 2013 02:13:06 -0700 (PDT)
In-Reply-To: <zarafa.518960b5.788b.1dd4eb15579cf6fc@mozart.netitwork.de>
References: <CALxOYEbd4KezdT24YHYQmm4DTXyO31mvM3uER0M8SD4seepePw@mail.gmail.com>
	<zarafa.518960b5.788b.1dd4eb15579cf6fc@mozart.netitwork.de>
Date: Fri, 10 May 2013 13:13:06 +0400
Message-ID: <CALxOYEYw+usF3jUdiR1sopFUZVuxUanpyuRAVfKD77qK6K8XOQ@mail.gmail.com>
Subject: Re: [X2Go-Dev] Bug#200: Bug#200: When user-directories do not exist,
 saving sqlpass with x2godbadmin is not possible
From: Nable 80 <nable.maininbox@googlemail.com>
To: Michael Kromer <michael.kromer@netitwork.net>
Cc: "200@bugs.x2go.org" <200@bugs.x2go.org>, 
	"x2go-dev@lists.berlios.de" <x2go-dev@lists.berlios.de>
Content-Type: text/plain; charset=ISO-8859-1
I've thought a bit and finally I can write some ideas.

> Well, I don't mind fixing this to be safe with special chars ... ;) I however really doubt administrators to set homedirs to something with spaces or special chars.
1.1. I was always taught that programs must be secure by design. At
least one should do his best trying to achieve it.
In this exact case it seems that it's not hard to make system() call
more secure: see
http://stackoverflow.com/questions/619926/should-i-escape-shell-arguments-in-perl
as example.
Tl;dr: One should use `system $cmd, @args' rather than `system "$cmd @args"'.
1.2. I don't have pam_mkhomedir in my setups. But for those who have
it may be better to do something like `su - $username -c /bin/true' to
create a good homedir with skeleton files instead of empty one,
although i'm not sure that it works, see
https://bugzilla.redhat.com/show_bug.cgi?id=77791 for example.
1.3. +1 to Stefan for domain setups. I even have one. Oh, this thread
brings me the idea that I should also add pam_mkhomedir to it.

> Ideas?
2. Somehow like this (sorry, i'm not ready to provide a patch at the
moment, so just pseudoperl) :
if (! -d "$dir")
    # Try pam_mkhomedir way
    open my $output, "-|", "su", ("-", "$name", "-c", "pwd"); # is
using /bin/pwd better?
    while (<$output>) { # sorry, i don't remember the way to read full
line w/o `while'
        chomp;
        if ($_ ne $dir) { # Failed? Use force.
            system "mkdir", ("-p", "$dir/.x2go"); # is using /bin/mkdir better?
            print "Here we should show some HUGE warning";
        }
        break;
    }
    close $output;
}
if (! -d $dir/.x2go) {
    mkdir ("$dir/.x2go");
}


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Fri Mar 29 13:03:18 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.