From mike.gabriel@das-netzwerkteam.de Tue Feb 10 09:23:21 2015 Received: (at 784) by bugs.x2go.org; 10 Feb 2015 08:23:23 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 1ED205DBCA for <784@bugs.x2go.org>; Tue, 10 Feb 2015 09:23:21 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id B126FAF6; Tue, 10 Feb 2015 09:23:20 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 9084D3C1B3; Tue, 10 Feb 2015 09:23:20 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GFR2MHqexL2q; Tue, 10 Feb 2015 09:23:20 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id 5B9013C045; Tue, 10 Feb 2015 09:23:20 +0100 (CET) Received: from 134.245.44.4 ([134.245.44.4]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Tue, 10 Feb 2015 08:23:20 +0000 Date: Tue, 10 Feb 2015 08:23:20 +0000 Message-ID: <20150210082320.Horde.Ux2rIQx6x4VgeCS6VpAbUg1@mail.das-netzwerkteam.de> From: Mike Gabriel To: Jason Alavaliant , 784@bugs.x2go.org Subject: Re: [X2Go-Dev] Bug#784: x2gobroker-agent.pl commands break if user shell environment has login settings it doesn't like In-Reply-To: <981e2e7256215a6351c339829d0e9d67@private.ra09.com> User-Agent: Internet Messaging Program (IMP) H5 (6.2.2) Accept-Language: de,en Organization: DAS-NETZWERKTEAM X-Originating-IP: 134.245.44.4 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0 Iceweasel/32.0 Content-Type: multipart/signed; boundary="=_yDwoVzrZiIMbpXQFp59Opg9"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_yDwoVzrZiIMbpXQFp59Opg9 Content-Type: text/plain; charset=us-ascii; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Control: tag -1 pending Control: tag -1 fixed 0.3.0.0 Hi Jason, On Di 10 Feb 2015 06:13:52 CET, Jason Alavaliant wrote: > Package: x2ggobroker-agent > Version: 0.0.2.3 > > One of my users started to get their connections to the x2go broker=20=20 >=20failing with 'Error downloading http://x2go-broker-url/plain/inifile=20= =20 >=20- server replied: Internal Server Error' > > Tracking back through the commands the broker was logging the issue=20=20 >=20turned out be > > /usr/lib/x2go/x2gobroker-agent $USER listsessions > (and other commands that x2gobroker-agent.pl runs by su - username=20=20 >=20-c command) returning things like > > OK > [1] 32542 > klipper: Command not found. > [1] + exit 1 klipper > > which was a result of how the command is run; since the=20=20 >=20x2gobroker-agent $USER FOO commands all internally su to the named=20= =20 >=20user to run the command it results in the user's environment being=20= =20 >=20sourced which puts them at the risk of being broken by the user's=20=20 >=20environment. My user in this case had embedded a command that=20=20 >=20didn't exist on the broker host to run as soon as their shell=20=20 >=20environment was created which caused the broker to error out.=20=20=20= =20 >=20(possibly compounded by in this case the shell tcsh being used as=20=20 >=20the user's default shell - tcsh in my experience being very=20=20 >=20temperamental with it's startup files - a single failure will stop=20= =20 >=20the environment file sourcing to error our instantly and not process=20= =20 >=20further lines. I've not had time to cross compare with bash etc and=20= =20 >=20see if this problem only exists for tcsh or if it effects most=20=20 >=20shells). > > I managed to work around the issue in my case by fixing the su=20=20 >=20commands in x2gobroker-agent.pl to use /bin/sh (which links to=20=20 >=20/bin/dash) on my system to avoid user shell startup file environment=20= =20 >=20issues breaking logging in via the broker. It feels more like a=20= =20 >=20workaround that a proper fix to me so I'm not suggesting the=20=20 >=20attached patch for merging, rather just as an example of how I got=20= =20 >=20around it in my case. My feeling is that there must be a better=20= =20 >=20way to ensure these x2gobroker-agent commands can't be broken by the=20= =20 >=20user env but I'm not managing to come up with a better solution=20=20 >=20currently. > > Thanks > Jason This issue is already fixed in Git and pending for 0.0.3.0. I have=20=20 marked=20the appropriate changelog line and added a closure there for=20=20 this=20bug. Mike --=20 DAS-NETZWERKTEAM mike=20gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x= fb --=_yDwoVzrZiIMbpXQFp59Opg9 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJU2b/4AAoJEJr0azAldxsx2hwP/18fzilzSfmHo//uyt0GETkP XXpoGVc6f32pHtx7e22EY5GOuxCzyZ6rC7aqT8691jxzpHQNvQDNaqvYZQ4XhyTF pQxmUDpgQMUcEXieyNfQRiK+ACIlPJTscdhhCHVMgC2Ew3u61FzHQv6UBiHwparh 8MDvwpBtRa6shoHV50T++9kwFoQQ5AA1Eu/Y4kbO3Xp2wqpAw42N/tQa/gWZebU0 PVXfdR7YyfDWTSvHO8Pq1L3XuYxf4Te+MkiYflBFR/mnd1HabxLQkEYLcPGWaOMm mEQ92IVxyLB6Fw0Tjhy07wbT5rpFAkT7vrFn9l8UpiTU2toc5LJ1sAVrYUGeknQH Oe7BFwPZAetZ1JusPjDXBdQUBWPTG+cH1n4Ul321CiYVgzJMJCcocEef3WxSWgYq vjsiaF+Dzlt7Y6tXXZf/mDWsBUvVZd+Lj/H7BTExOt3eFPVL/+AmZXxH6SWgEvJJ lU9mG6EBx2EMgTBH0GDZy7IfSLIGQBnQpT3KAbbgt1cRjKLbaweOKAhIW7qWUG8Z Yb0uSllRhYWCmElJMcNLiyaKrlmWrWhr4C/l4ewfdw9KQEPpROIb48F6ZZUXP0Yg cS9NfSXpGaFQRX/pzM8Yf8z2+WREZyQk8DX6zCHtl3MHcyT3olEXgtCfUQzfd/vE nlMqiItV7VsQkcE4sYEu =oSBY -----END PGP SIGNATURE----- --=_yDwoVzrZiIMbpXQFp59Opg9--