[X2Go-Dev] Bug#666: point out that x2gobroker is not a security feature

Stefan Baur X2Go-ML-1 at baur-itcs.de
Fri Nov 7 00:50:55 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package: x2gobroker
Severity: wishlist

Please add a prominent note to x2gobroker's man page that it is *not*
intended as a security feature - a user can still launch x2goclient
without the broker parameter and set it to run any executable the user
has exec permission for on the server.

As always, group membership and file permissions *MUST* (MUST as
defined in RFC2119 https://www.ietf.org/rfc/rfc2119.txt) be used to
limit a user's access to executables on the server.

- -Stefan

- -- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUXAlfAAoJEG7d9BjNvlEZ+eAH/06sGKiAbYx5Lzf5ehEZcM/R
5lumXu0SOVHsCIen/KRAHP+MQ+wvGngNawo0PZsJBZyhvHQ/SeUMrotR3MSPFB3S
ZDYvznt4LEfBbKbm4uabBmFOiSndFaFlyZzwt95z/SrAdaLidphUXlkTI0Mu5UOI
qVQbZWtBUNmEF+I1MalAvpGCZ+JK3BpSg88Y7XDqZvQfTcUUBxr9MGWBxKL5CHlK
Lt6jIZzXdxX+RWK7SmA5zYpUCG7yZcR6EzSnq7U1cDqW3XNG/QvddvS4IL04/u/U
068Tl/gHhKr3vquDjyMjXnuP8TbBFuTmDb6qbJeyY+UrC/n5kmXIlFRrBkZPnKM=
=ej1y
-----END PGP SIGNATURE-----


More information about the x2go-dev mailing list