[X2Go-Dev] [X2Go-Commits] [x2goclient] 01/01: Don't override PATH for the actual session or application command. Fixes: #1100
Mike DePaulo
mikedep333 at gmail.com
Thu Mar 30 16:57:27 CEST 2017
On Thu, Mar 30, 2017 at 8:50 AM, Mihai Moldovan <ionic at ionic.de> wrote:
> On 26.03.2017 06:11 PM, git-admin at x2go.org wrote:
>> This is an automated email from the git hooks/post-receive script.
>>
>> x2go pushed a commit to branch bugfix/1100
>> in repository x2goclient.
>>
>> commit a7ed6868825c111f8d0fa4a64aa82115b8dab039
>> Author: Mike DePaulo <mikedep333 at gmail.com>
>> Date: Sun Mar 26 12:09:11 2017 -0400
>>
>> Don't override PATH for the actual session or application command. Fixes: #1100
>> ---
>> debian/changelog | 3 ++
>> src/onmainwindow.cpp | 67 ++++++++++++++++++++++++++++-----------------
>> src/onmainwindow.h | 1 +
>> src/sshmasterconnection.cpp | 4 +--
>> src/sshmasterconnection.h | 2 +-
>> src/sshprocess.cpp | 15 ++++++++--
>> src/sshprocess.h | 2 +-
>> 7 files changed, 62 insertions(+), 32 deletions(-)
>>
>> diff --git a/debian/changelog b/debian/changelog
>> index 42c1e52..8e71aeb 100644
>> --- a/debian/changelog
>> +++ b/debian/changelog
>> @@ -180,6 +180,9 @@ x2goclient (4.1.0.1-0x2go1) UNRELEASED; urgency=medium
>> default because the installation dir is not writeable by
>> users)
>> + CVE-2017-6542 was fixed
>> + - Don't override PATH for the actual session or application
>> + command.
>> + Fixes: #1100
>>
>> [ Seth Galitzer ]
>> * New upstream version (4.1.0.1):
>> diff --git a/src/onmainwindow.cpp b/src/onmainwindow.cpp
>> index 5dd3906..0b15649 100644
>> --- a/src/onmainwindow.cpp
>> +++ b/src/onmainwindow.cpp
>> @@ -6291,7 +6291,7 @@ void ONMainWindow::slotProxyStderr()
>> {
>> xmodExecuted=true;
>> QTimer::singleShot (
>> - 2000, this,
>> + 4000, this,
>
> Why are you changing this? It's orthogonal to all the other changes.
I assumed this needs to be executed after a 2000ms delay, because it
takes up to 2000ms for x2goruncommand to run. Since we are introducing
an additional command over SSH, I added another 2000ms.
>
>> SLOT ( slotExecXmodmap() ) );
>> }
>> }
>> @@ -6700,6 +6700,39 @@ void ONMainWindow::slotAppDialog()
>>
>> void ONMainWindow::runCommand()
>> {
>> +
>> + if ( runRemoteCommand )
>> + {
>> + /* 1st override PATH and determine the base path to x2goruncommand.
>
> Whitespace errors, you're mixing tabs and spaces here.
Ack.
>
>> + * Then in SlotRunCommand, call x2goruncommand without overriding PATH.
>> + * This ensures that the PATH is never overriden with for the actual
>
> "overridden", remove "with" or specify.
Ack.
>
>
>> + * user session.
>> + * Fixes: #1100
>> + */
>> + sshConnection->executeCommand ( "x2gobasepath", this,
>> + SLOT ( SlotRunCommand ( bool,
>> + QString,
>> + int )), true);
>> + }
>> +#ifdef Q_WS_HILDON
>> + //wait 5 seconds and execute xkbcomp
>> + QTimer::singleShot ( 5000, this, SLOT ( slotExecXmodmap() ) );
>> +#endif
>
> We'll probably execute slotExecXmodmap a bit sooner than before with that change
> (since you're not doing it in SlotRunCommand - but that wouldn't work for XDMCP
> and Shadow sessions, since they don't set runRemoteCommand to true.)
>
> It's fine, I guess. I just noticed that the code in question is broken anyway -
> it wouldn't even compile on HILDON anymore, so let's ignore that.
>
>
> Otherwise looks good.
>
>
>
> Mihai
>
Thank you for the review.
-Mike
More information about the x2go-dev
mailing list