On Wed, 2011-03-30 at 10:58 +0200, Erik Auerswald wrote:
Hi,
On Tue, Mar 29, 2011 at 06:31:07PM +0200, Mike Gabriel wrote:
On Tue 29 Mar 2011 16:55:50 CEST Alexander Wuerstlein wrote:
On 11-03-29 15:36, Dick Kniep <dick.kniep@lindix.nl> wrote:
An authorized user running commands over ssh is not a security problem at all. It works as intended. ssh provides shells.
As Reinhard has mentioned in another post: Dick's setup requires a
complete lock-down-kiosk-mode-kind-of-thing. He wants a user to be able to run a small set of commands only (i.e. the rootless applications he wants to provide to his customers). From his perspective AFAIK a user logged in via SSH is a security issue. May it be so.

The $SSH_ORIGINAL_COMMAND contains the original command that the client wants to execute on the server. This command is checked against the allowed commands for the user within the wrapper.
From the invocation I infer that the intended language for the wrapper is shell script. This is extremely dangerous if intended as a security measure like you claim. Also please note that it is very hard to write such wrappers in a secure way, such that stuff like e.g. 'allowed_command foo bar ; evil_command' is not possible.
This is a very worthy remark!!! I also think that it needs quite an
effort to script such a wrapper (and have it accepted in X2go
upstream!!!)

An example for rsync via SSH can be found at: http://troy.jdmz.net/rsync/index.html
The validate-rsync script there can be used as a starting point.
Regards, Erik

I admit I have not thought this issue through thoroughly as I'm under a brutal deadline right now but I would think the problem is that one can use X2Go for application publishing and not just complete desktops. Do we know in advance every possible application one might want to publish via X2Go? If we did (and I can't imagine we would), would we want to identify those via X2Go or some other mechanism built more for the task? My guess is, since we are an application publishing application, we should leave restriction of applications to the sysadmin using the tools already at their disposal. Again, that is only a half-baked thought but I think it has some merit - John
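
The wrapper check discussed in this thread, as an added example that is not code from any of the posters or from X2Go: the client string in $SSH_ORIGINAL_COMMAND is only compared byte for byte against an allowlist and is never executed or re-parsed by a shell, so a request such as 'allowed_command foo bar ; evil_command' is refused. The allowlist contents and the function names `match_allowed` and `run_wrapper` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread or from X2Go. Names and the allowlist
# below are hypothetical; a real list would live in a root-owned file.
ALLOWED_COMMANDS='xterm
/usr/bin/gedit
libreoffice --writer'

# match_allowed REQUEST
# Prints the matching allowlist entry and returns 0 only when REQUEST is
# byte-for-byte equal to one entry. Anything else (extra arguments, a
# trailing "; other_command", embedded newlines, empty string) returns 1.
match_allowed() {
    request=$1
    [ -n "$request" ] || return 1   # empty means an interactive shell was requested
    while IFS= read -r entry; do
        if [ "$entry" = "$request" ]; then
            printf '%s\n' "$entry"
            return 0
        fi
    done <<EOF
$ALLOWED_COMMANDS
EOF
    return 1
}

# run_wrapper: body of the script named in command="..." in authorized_keys.
# It executes the trusted allowlist entry, never the client-supplied string,
# and never hands either one to eval or "sh -c".
run_wrapper() {
    if entry=$(match_allowed "${SSH_ORIGINAL_COMMAND-}"); then
        set -f          # no glob expansion when the entry is split into words
        exec $entry     # plain word splitting; no shell parsing of ; | & $()
    fi
    echo "command not permitted" >&2
    exit 1
}
```

Because matching is exact, every permitted argument combination has to be listed explicitly; that is the price of not parsing client input.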