[X2go-Dev] x2goserver package with setuidwrapper
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Mon Jul 18 19:45:44 CEST 2011
Hi Morty,
On Mo 18 Jul 2011 19:08:50 CEST Moritz Struebe wrote:
> Hi there.
>
> On 2011-07-18 17:12, Moritz Struebe wrote:
>> Should be possible using the group-S-bit -> keep the user, but make the
>> database writeable to the x2gouser-group.
>
> I just had a chat with Arw, and this is the way to go.
I had though so already, but my tests with that currently fail.
Probably be problem that sits in front of the screen. Will test some
more...
> But we must check
> that x2gouser is the only user in the x2gouser-group. (I think checking
> this in the perl-script should be secure enough, as nobody is just added
> to that group - and if someone is, x2go stops working - so someone will
> notice, that something is going wrong - and he cant change the script,
> as he does not own it).
Ok, got that...
> I don't remember, but was it the x2gouser or the x2gousers groups
> everybody got added to in the old installer-scripts? If it was x2gouser,
> the new installer should probably remove everyone....
What about the real user vs. effective check in the
x2gosqlitewrapper.pl script. The setgid bit does not change the
effective user, only the effective group. Is there a similarly easy
check for that in Perl?
Thanks,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20110718/ef89664c/attachment.pgp>
More information about the x2go-dev
mailing list