The branch, twofactorauth has been updated via 07dc7771aad40611427ad7953a89be9ac52b789e (commit) from 3c50a9d2584b10c573fd3762ceb527b03f8df20a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: x2go/backends/terminal/_stdout.py | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) The diff of changes is: diff --git a/x2go/backends/terminal/_stdout.py b/x2go/backends/terminal/_stdout.py index 79ecee3..19d842e 100644 --- a/x2go/backends/terminal/_stdout.py +++ b/x2go/backends/terminal/_stdout.py @@ -698,7 +698,11 @@ class X2goTerminalSessionSTDOUT(object): return True elif 'XSHAD' in cmd: return True - elif cmd: + elif cmd and cmd.startswith('/'): + # check if full path is correct _and_ if application is in server path + test_cmd = 'test -x %s && which %s && echo OK' % (cmd, os.path.basename(cmd.split()[0])) + elif cmd and '/' not in cmd: + # check if application is in server path only test_cmd = 'which %s && echo OK' % os.path.basename(cmd.split()[0]) if test_cmd: @@ -743,14 +747,19 @@ class X2goTerminalSessionSTDOUT(object): # do not run command when in DESKTOP SHARING mode... return None + self.params.update({'cmd': cmd}) + # do not allow the execution of full path names + if '/' in cmd: + cmd = os.path.basename(cmd) + cmd_line = [ "setsid x2goruncommand", str(self.session_info.display), str(self.session_info.agent_pid), str(self.session_info.name), str(self.session_info.snd_port), - _rewrite_blanks(_rewrite_cmd(self.params.cmd, params=self.params)), + _rewrite_blanks(_rewrite_cmd(cmd, params=self.params)), str(self.params.snd_system), str(self.params.session_type), ">& /dev/null & exit", 
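Review bot: In the new `elif cmd and cmd.startswith('/')` branch, `test -x %s` is given the whole `cmd` string while `which` gets only the first word, so a command with arguments (`/path/app --opt`) makes `test` fail or misparse, and any shell metacharacters in `cmd` land unquoted in a string that is chained with `&&`. Test only the executable and quote it: `exe = cmd.split()[0]`, then `test_cmd = 'test -x %s && which %s && echo OK' % (pipes.quote(exe), pipes.quote(os.path.basename(exe)))`; this needs `pipes` in scope, and the file's import block is not visible here. A relative command such as `./app` or `bin/app` now matches neither new branch, so `test_cmd` keeps whatever value it had before the chain, which is set outside the hunk; that case probably deserves an explicit rejection. The enclosing method starts and ends outside the hunk.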
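Review bot: `os.path.basename(cmd)` is applied to the whole command string, so a command whose arguments contain a slash (`app --file /tmp/x`) is reduced to its last path component (`x`), and that is what reaches `x2goruncommand`; a trailing slash yields an empty command. Strip the directory from the first word only: `parts = cmd.split(None, 1)`, `parts[0] = os.path.basename(parts[0])`, `cmd = ' '.join(parts)`. The same two lines are repeated in the `x2gostartagent` hunk (`@@ -827,6 +836,10 @@`), so a small shared helper would keep both call sites consistent. The comment says full paths are not allowed, but the code silently rewrites them, so the binary that runs is whichever one the server's PATH resolves, not necessarily the file the earlier `test -x` check validated; a comment such as `# full paths are reduced to the executable name; the server PATH decides which binary runs` would state that. The enclosing method begins outside the hunk and the `cmd_line` list is cut off at the hunk's end.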
@@ -827,6 +836,10 @@ class X2goTerminalSessionSTDOUT(object): if self.params.kblayout or self.params.kbtype: setkbd = "1" + cmd = self.params.cmd + if '/' in cmd: + cmd = os.path.basename(cmd) + cmd_line = [ "x2gostartagent", str(self.params.geometry), str(self.params.link), @@ -836,7 +849,7 @@ class X2goTerminalSessionSTDOUT(object): str(self.params.kbtype), str(setkbd), str(self.params.session_type), - self.params.cmd, + cmd, ] if self.params.cmd == 'XDMCP' and self.params.xdmcp_server: hooks/post-receive -- python-x2go.git (Python X2Go Client API) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "python-x2go.git" (Python X2Go Client API).
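Review bot: In the `x2gostartagent` hunk, `'/' in cmd` is evaluated on `self.params.cmd` without the `cmd and` guard that the availability check in the first hunk uses. If `params.cmd` can be `None` at this point, the membership test raises `TypeError` before the agent command line is assembled; `if cmd and '/' in cmd:` would match the other check. Whether `None` is reachable depends on how `params` is populated, which this diff does not show. The enclosing method starts and ends outside the hunk.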