[X2Go-Dev] Bug#327: Bug#327: x2go client crashes if .bashrc prints anything

Mike Gabriel mike.gabriel at das-netzwerkteam.de
Tue Oct 29 13:23:16 CET 2013


clone #327 -1
tag #327 wontfix
retitle -1 users can inject data into X2Go Client using .bashrc
severity -1 grave

Hi Dan,

On Tue 29 Oct 2013 12:55:05 CET, Dan Halbert wrote:

> On 10/29/2013 4:36 AM, Mike Gabriel wrote:
>> If I put an
>>> echo "testing"   # exact text doesn't matter
>>
>> I presume, this on the server.
> Right, this is on the server. With the Windows client there is no  
> .bashrc anyway. I confirmed with my colleague that he saw this on  
> both the Windows and Ubuntu Precise clients.
>
> Which windowing system is chosen on the server does not seem to matter
> either. I saw it with UNITY and with just "Terminal".
>
>> I could confirm this issue on Debian wheezy or Ubuntu precise as  
>> X2Go Server. On Ubuntu lucid, the problem does not occur.
> That's interesting. The reason for putting in the echoes was to  
> debug a completely unrelated problem about which shell init got run  
> when we were running some batch jobs. I had instrumented the init  
> files before without difficulty. Thanks for looking at this.

I have looked at this in depth this morning. Indeed an echoing .bashrc  
file breaks X2Go. But it also breaks everything else around SSH, esp.  
scp [1, 2].

The first link [1] also provides a solution that I want to quote here:

""" (file: ~/.bashrc)
[... normal .bashrc stuff ...]

if [[ $- =~ "i" ]]; then
    echo "SPEAK OUT LOUD!!!"
fi
"""

The i-flag in $- checks if the shell is interactive or not. With X2Go,  
this flag will not get set.

Greets,
Mike

[1] http://stackoverflow.com/questions/12440287/scp-doesnt-work-when-echo-in-bashrc
[2] https://bugzilla.redhat.com/show_bug.cgi?id=20527

-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
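
Added example, not part of the original message: a check for whether an init file writes to stdout when sourced by a non-interactive bash, which is the case where its output lands in the scp or X2Go data stream. The function names and the two sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: detect init-file output that would pollute a
# non-interactive SSH command's stdout.

# Print the number of stdout bytes produced by sourcing "$1" in a
# non-interactive bash. --norc/--noprofile keep the caller's own startup
# files out of the measurement; stderr is ignored because SSH carries it
# separately from the command's stdout.
rc_stdout_bytes() {
    bash --norc --noprofile -c '. "$1"' rc-check "$1" </dev/null 2>/dev/null \
        | wc -c | tr -d ' '
}

# Succeed only if the file is silent on stdout when non-interactive.
rc_is_quiet() {
    [ "$(rc_stdout_bytes "$1")" -eq 0 ]
}

# Constructed sample init files: a bare echo, and the guarded form
# quoted in the message. Prints the directory that holds them.
make_samples() {
    dir=$(mktemp -d)
    cat >"$dir/noisy.bashrc" <<'EOF'
echo "testing"
EOF
    cat >"$dir/guarded.bashrc" <<'EOF'
if [[ $- =~ "i" ]]; then
    echo "SPEAK OUT LOUD!!!"
fi
EOF
    printf '%s\n' "$dir"
}

# Demo run over the constructed samples.
samples=$(make_samples)
for f in "$samples"/*.bashrc; do
    if rc_is_quiet "$f"; then
        echo "OK    $(basename "$f"): silent when non-interactive"
    else
        echo "FAIL  $(basename "$f"): $(rc_stdout_bytes "$f") byte(s) on stdout"
    fi
done
rm -rf "$samples"
```

Pointing `rc_is_quiet` at a real `~/.bashrc` sources that file, so any side effects it has will run.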