[X2Go-Dev] Bug#666: Bug#666: point out that x2gobroker is not a security feature
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Fri Jan 9 00:44:24 CET 2015
Hi Stefan,
On Fr 07 Nov 2014 00:50:55 CET, Stefan Baur wrote:
> Package: x2gobroker
> Severity: wishlist
>
> Please add a prominent note to x2gobroker's man page that it is *not*
> intended as a security feature - a user can still launch x2goclient
> without the broker parameter and set it to run any executable the user
> has exec permission for on the server.
>
> As always, group membership and file permissions *MUST* (MUST as
> defined in RFC2119 https://www.ietf.org/rfc/rfc2119.txt) be used to
> limit a user's access to executables on the server.
>
> - -Stefan
Do you think you could write down such an additional note for the man
page and send it back to this bug (in plain text)?
I will work that text into the man page then.
Thanks,
Mike
PS: if you will, tag this bug with "patch" once you have sent that
text passage...
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20150108/005dd919/attachment-0001.pgp>
More information about the x2go-dev
mailing list