This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch release/4.0.1.x in repository x2goserver. commit 5f7752b4d560584949e7f5295b6eb79a67e2319d Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Sat Nov 1 16:49:06 2014 +0100 Make sure that all "su"-to-user-contexts use /bin/sh for wrapping around the executed command (in x2gocleansessions and x2golistsessions_root) --- debian/changelog | 2 ++ x2goserver/sbin/x2gocleansessions | 24 ++++++++++++------------ x2goserver/sbin/x2golistsessions_root | 2 +- 3 files changed, 15 insertions(+), 13 deletions(-) diff --git a/debian/changelog b/debian/changelog index e0e9ba8..9243961 100644 --- a/debian/changelog +++ b/debian/changelog @@ -40,6 +40,8 @@ x2goserver (4.0.1.19-0x2go1) UNRELEASED; urgency=medium - Move X2Go Desktop Sharing options around. Make sure all desktop sharing relevant options are provided at the beginning when evoking the "x2godesktopsharing client" command. + - Make sure that all "su"-to-user-contexts use /bin/sh for wrapping around + the executed command (in x2gocleansessions and x2golistsessions_root) * debian/control: + Add D (x2goserver): libfile-which-perl. * x2goserver.spec: diff --git a/x2goserver/sbin/x2gocleansessions b/x2goserver/sbin/x2gocleansessions index b7845e8..8ce3a68 100755 --- a/x2goserver/sbin/x2gocleansessions +++ b/x2goserver/sbin/x2gocleansessions @@ -212,13 +212,13 @@ elsif ($pid == 0 ) unlink("/tmp/.X$display-lock"); } syslog('debug', "@sinfo[1]: unmounting all shares"); - system( "su", "@sinfo[11]", "-c", "export HOSTNAME && x2goumount-session @sinfo[1]"); + system( "su", "@sinfo[11]", "-s", "/bin/sh", "-c", "export HOSTNAME && x2goumount-session @sinfo[1]"); #remove port forwarding - system("su", "@sinfo[11]", "-c", "$x2go_lib_path/x2gormforward @sinfo[1]"); + system("su", "@sinfo[11]", "-s", "/bin/sh", "-c", "$x2go_lib_path/x2gormforward @sinfo[1]"); } elsif (! check_pid (@sinfo[0],@sinfo[1],@sinfo[12])) { - system("su", "@sinfo[11]", "-c", "$x2go_lib_path/x2gochangestatus 'F' @sinfo[1]"); + system("su", "@sinfo[11]", "-s", "/bin/sh", "-c", "$x2go_lib_path/x2gochangestatus 'F' @sinfo[1]"); my $display = @sinfo[2]; if (-S "/tmp/.X11-unix/X$display") { # remove the NX-X11 socket file (we don't know how the agent disappeared, @@ -233,7 +233,7 @@ elsif ($pid == 0 ) unlink("/tmp/.X$display-lock"); } syslog('debug', "@sinfo[1], pid @sinfo[0] does not exist, changing status from @sinfo[4] to F"); syslog('debug', "@sinfo[1]: unmounting all shares"); - system("su", "@sinfo[11]", "-c", "export HOSTNAME && x2goumount-session @sinfo[1]"); + system("su", "@sinfo[11]", "-s", "/bin/sh", "-c", "export HOSTNAME && x2goumount-session @sinfo[1]"); } else { @@ -241,12 +241,12 @@ elsif ($pid == 0 ) { if (is_suspended(@sinfo[1],@sinfo[11])) { - system("su", "@sinfo[11]", "-c", "$x2go_lib_path/x2gochangestatus S @sinfo[1]"); + system("su", "@sinfo[11]", "-s", "/bin/sh", "-c", "$x2go_lib_path/x2gochangestatus S @sinfo[1]"); syslog('debug', "@sinfo[1] is suspended, changing status from @sinfo[4] to S"); syslog('debug', "@sinfo[1]: unmounting all shares"); - system("su", "@sinfo[11]", "-c", "export HOSTNAME && x2goumount-session @sinfo[1]"); + system("su", "@sinfo[11]", "-s", "/bin/sh", "-c", "export HOSTNAME && x2goumount-session @sinfo[1]"); #remove port forwarding - system("su", "@sinfo[11]", "-c", "$x2go_lib_path/x2gormforward @sinfo[1]"); + system("su", "@sinfo[11]", "-s", "/bin/sh", "-c", "$x2go_lib_path/x2gormforward @sinfo[1]"); } } if (@sinfo[4] eq 'S') @@ -254,8 +254,8 @@ elsif ($pid == 0 ) if (is_running(@sinfo[1],@sinfo[11])) { syslog('debug', "@sinfo[1]: unmounting all shares"); - system("su", "@sinfo[11]", "-c", "export HOSTNAME && x2goumount-session @sinfo[1]"); - system("su", "@sinfo[11]", "-c", "x2gosuspend-session @sinfo[1]"); + system("su", "@sinfo[11]", "-s", "/bin/sh", "-c", "export HOSTNAME && x2goumount-session @sinfo[1]"); + system("su", "@sinfo[11]", "-s", "/bin/sh", "-c", "x2gosuspend-session @sinfo[1]"); syslog('debug', "@sinfo[1] was found running and has now been suspended"); } } @@ -264,11 +264,11 @@ elsif ($pid == 0 ) if (!has_terminated(@sinfo[1],@sinfo[11])) { syslog('debug', "@sinfo[1]: unmounting all shares"); - system("su", "@sinfo[11]", "-c", "export HOSTNAME && x2goumount-session @sinfo[1]"); - system("su", "@sinfo[11]", "-c", "x2goterminate-session @sinfo[1]"); + system("su", "@sinfo[11]", "-s", "/bin/sh", "-c", "export HOSTNAME && x2goumount-session @sinfo[1]"); + system("su", "@sinfo[11]", "-s", "/bin/sh", "-c", "x2goterminate-session @sinfo[1]"); syslog('debug', "@sinfo[1] has been requested for termination via the session DB"); #remove port forwarding - system("su", "@sinfo[11]", "-c", "$x2go_lib_path/x2gormforward @sinfo[1]"); + system("su", "@sinfo[11]", "-s", "/bin/sh", "-c", "$x2go_lib_path/x2gormforward @sinfo[1]"); } } } diff --git a/x2goserver/sbin/x2golistsessions_root b/x2goserver/sbin/x2golistsessions_root index f8928ab..8f9c06e 100755 --- a/x2goserver/sbin/x2golistsessions_root +++ b/x2goserver/sbin/x2golistsessions_root @@ -105,7 +105,7 @@ for (my $i=0;$i<@outp;$i++) { if (is_suspended(@sinfo[1],@sinfo[11])) { - system("su", "-", "@sinfo[11]", "-c", "$x2go_lib_path/x2gochangestatus 'S' @sinfo[1] > /dev/null"); + system("su", "@sinfo[11]", "-s", "/bin/sh", "-c", "$x2go_lib_path/x2gochangestatus 'S' @sinfo[1] > /dev/null"); @outp[$i] =~ s/\|R\|/\|S\|/; } } -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2goserver.git