[X2go-dev] concept for X2go session lock-down to kiosk-mode (was Re: X2go is insecure)

[John A. Sullivan III]

On Fri, 2011-04-01 at 02:44 +0200, Dick Kniep wrote:
> Hi list,
> 
>  
> 
> Reading all comments on my stone in the pond I still think it is not
> really clear what the problem is (and my proposed solution)
> 
> 
> I do not want to secure the entire server. I only want a door that can
> be locked. So I allow a user to use the terminal. Okay he is allowed
> to use the terminal and so he can do anything he likes. No problem. 
> 
>  
> 
> Or I say on the server the user may only use program XYZ. XYZ starts
> and that is all. If XYZ deletes my system that is Okay by me. The user
> had access to that program and that is it.
> 
>  
> 
> This can be enforced by my simple solution. From the client a command
> is sent, say "Start terminal". Then in the wrapper, the user is
> matched with the command and if the match exists, the command is
> allowed and is executed. If not, the request is rejected.
> 
>  
> 
> Maybe this can be achieved also by apparmor, but it looks to me that
> apparmor is intended to secure the entire system which is really not
> what I want. (Or maybe I am mistaken because of lack of knowledge of
> apparmor)
<snip>
Again I confess that I've not taken a lot of time to digest this issue
but, I wonder if the back and forth is cause because for some users,
this would be a highly desirable feature whereas, for others, it not
only makes no sense but would be a significant obstacle.  Can it be
built as a configurable option that can be enabled with a setting in
x2go.conf (or whatever file we are using for configuration)? - John