[X2go-dev] concept for X2go session lock-down to kiosk-mode (was Re: X2go is insecure)
Erik Auerswald
auerswald at fg-networking.de
Wed Mar 30 10:58:20 CEST 2011
Hi,
On Tue, Mar 29, 2011 at 06:31:07PM +0200, Mike Gabriel wrote:
> On Di 29 Mär 2011 16:55:50 CEST Alexander Wuerstlein wrote:
>> On 11-03-29 15:36, Dick Kniep <dick.kniep at lindix.nl> wrote:
>
>> An authorized user running commands over ssh is not a security problem
>> at all. It works as intended. ssh provides shells.
>
> As Reinhard has mentioned in another post: Dicks setup requires a
> complete lock-down-kiosk-mode-kind-of-thing. He wants a user to be able
> to run a small set of commands only (i.e. the rootless applications he
> wants to provide to his customers). From his perspective AFAIK a user
> logged in via SSH is a security issue. May it be so.
>
>>> The $SSH_ORIGINAL_COMMAND contains the original command that the
>>> client wants to execute on the server. This command is checked against
>>> the allowed commands for the user within the wrapper.
>>
>> From the invocation I infer, that the intended language for the
>> wrapper is shellskript. This is extremely dangerous if intended as a
>> security measure like you claim. Also please note that it is very hard
>> to write such wrappers in a secure way, such that stuff like e.g.
>> 'allowed_command foo bar ; evil_command' is not possible.
>
> This is a very worthy remark!!! I also think that it needs quite an
> effort to script such a wrapper (and have it accepted in X2go
> upstream!!!)
An example for rsync via SSH can be found at:
http://troy.jdmz.net/rsync/index.html
The validate-rsync script there can be used as a starting point.
Regards,
Erik
--
Dipl.-Inform. Erik Auerswald http://www.fg-networking.de/
auerswald at fg-networking.de Tel: +49-631-4149988-0 Fax: +49-631-4149988-9
Gesellschaft für Fundamental Generic Networking mbH
Geschäftsführung: Volker Bauer, Jörg Mayer
Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630
More information about the x2go-dev
mailing list