Hi Stefan,
On Fr 07 Nov 2014 00:50:55 CET, Stefan Baur wrote:
Package: x2gobroker Severity: wishlist
Please add a prominent note to x2gobroker's man page that it is *not* intended as a security feature - a user can still launch x2goclient without the broker parameter and set it to run any executable the user has exec permission for on the server.
As always, group membership and file permissions *MUST* (MUST as defined in RFC2119 https://www.ietf.org/rfc/rfc2119.txt) be used to limit a user's access to executables on the server.
- -Stefan
Do you think you could write down such an additional note for the man
page and send it back to this bug (in plain text)?
I will work that text into the man page then.
Thanks, Mike
PS: if you will, tag this bug with "patch" once you have sent that
text passage...
--
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...