clone #327 -1 tag #327 wontfix retitle -1 users can inject data into X2Go Client using .bashrc severity -1 grave Hi Dan, On Di 29 Okt 2013 12:55:05 CET, Dan Halbert wrote: > On 10/29/2013 4:36 AM, Mike Gabriel wrote: >> If I put an >>> echo "testing" # exact text doesn't matter >> >> I presume, this on the server. > Right, this is on the server. With the Windows client there is no > .bashrc anyway. I confirmed with my colleague that he saw this on > both the Windows and Ubuntu Precise clients. > > Which windowing system chosen on the server does not seem to matter > either. I saw it with UNITY and with just "Terminal". > >> I could confirm this issue on Debian wheezy or Ubuntu precise as >> X2Go Server. On Ubuntu lucid, the problem does not occur. > That's interesting. The reason for putting in the echo's was to > debug a completely unrelated problem about which shell init got run > when we were running some batch jobs. I had instrumented the init > files before without difficulty. Thanks for looking at this. I have looked at this in depth this morning. Indeed an echoing .bashrc file breaks X2Go. But it also breaks everything else around SSH, esp. scp [1, 2]. The first link [1] also provides a solution that I want to quote here: """ (file: ~/.bashrc) [... normal .bashrc stuff ...] if [[ $- =~ "i" ]]; then echo "SPEAK OUT LOUD!!!" fi """ The i-flag in $- checks if the shell is interactive or not. With X2Go, this flag will not get set. Greets, Mike [1] http://stackoverflow.com/questions/12440287/scp-doesnt-work-when-echo-in-bashrc [2] https://bugzilla.redhat.com/show_bug.cgi?id=20527 -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb