The branch, master has been updated via e6cdad130e1aebe7fa94022b3f7fe0d1cf6c4f8c (commit) from f7f414b7b87e13e89e9eb9109e00562fa6aecc86 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e6cdad130e1aebe7fa94022b3f7fe0d1cf6c4f8c Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Mon Sep 23 23:02:25 2013 +0200 With PostgreSQL as session db backend, prevent the root user from launching sessions. Also, prevent x2gouser_root from being added as a PostgreSQL user. (Fixes: #310). ----------------------------------------------------------------------- Summary of changes: debian/changelog | 3 +++ x2goserver/bin/x2gostartagent | 5 +++++ x2goserver/sbin/x2godbadmin | 7 +++++-- 3 files changed, 13 insertions(+), 2 deletions(-) The diff of changes is: diff --git a/debian/changelog b/debian/changelog index 2b362eb..6a70599 100644 --- a/debian/changelog +++ b/debian/changelog @@ -70,6 +70,9 @@ x2goserver (4.0.1.7-0~x2go1) UNRELEASED; urgency=low (Fixes: #285). - Provide sudoers.d/x2goserver file that allows sudoed commands under KDE (by pertaining the env var QT_GRAPHICSSYSTEM. (Fixes: #276). + - With PostgreSQL as session db backend, prevent the root user from + launching sessions. Also, prevent x2gouser_root from being added as a + PostgreSQL user. (Fixes: #310). * /debian/control: - Update LONG_DESCRIPTIONS. - Move xfonts-base from Recommends: field to Depends: field (bin:package diff --git a/x2goserver/bin/x2gostartagent b/x2goserver/bin/x2gostartagent index 1b3f454..607a35e 100755 --- a/x2goserver/bin/x2gostartagent +++ b/x2goserver/bin/x2gostartagent 
@@ -27,6 +27,11 @@ $X2GO_LIB_PATH/x2gosyslog "$0" "info" "$(basename $0) called with options: $@" X2GO_PORT=49 #First port for X2GO=50 SSH_PORT=30000 #First ssh port 30001 +if egrep "^backend[ ]*=[ ]*postgres" /etc/x2go/x2gosql/sql 1>/dev/null 2>/dev/null && [ "x$USER" = "xroot" ]; then + echo "The super-user \"root\" is not allowed to launch X2Go sessions." + exit -1 +fi + X2GO_ROOT="${HOME}/.x2go" export NX_ROOT=$X2GO_ROOT diff --git a/x2goserver/sbin/x2godbadmin b/x2goserver/sbin/x2godbadmin index 5362905..4f10b02 100755 --- a/x2goserver/sbin/x2godbadmin +++ b/x2goserver/sbin/x2godbadmin @@ -308,9 +308,12 @@ sub add_user() { my $user=shift; my ($name, $pass, $uid, $pgid, $quota, $comment, $gcos, $dir, $shell, $expire) = getpwnam($user); - if (! $uid) + if (! $name) { - print "Can not find user ($user)\n"; + print "Cannot find user ($user)\n"; + return; + } elsif ($name == "root") { + print "The super-user \"root\" is not allowed to use X2Go\n"; return; } $pass=`makepasswd`; hooks/post-receive -- x2goserver.git (X2Go Server) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2goserver.git" (X2Go Server).
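Review bot: in the x2gostartagent hunk, the guard `[ "x$USER" = "xroot" ]` decides on the USER environment variable rather than on the process's uid. USER is set by the caller and is not guaranteed to read "root" for a uid-0 process (a plain `su` to root keeps the invoking user's USER), so a root session can get past this check. Compare the effective uid instead, for example `[ "$(id -u)" -eq 0 ]`. In the same hunk, `exit -1` is outside the 0-255 range of exit statuses and is reported as 255 or rejected depending on the shell; `exit 1` is the portable form, and the error message would be better sent to stderr so callers parsing stdout do not read it as agent output.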
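Review bot: in the x2godbadmin add_user() hunk, `elsif ($name == "root")` uses Perl's numeric comparison on two strings. Both sides numify to 0 for any user name that does not start with a digit, so the branch is taken for every such user and add_user() returns with the "not allowed" message for all of them, not only for root. The string operator is needed here: `elsif ($name eq "root")`. The switch from `! $uid` to `! $name` in the first test is correct and necessary, since root's uid of 0 made the old test report root as not found; a short comment saying so would keep it from being reverted later.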