29 Mar
2011
29 Mar
'11
2:33 p.m.
On Tue, Mar 29, 2011 at 15:35:32 (CEST), Dick Kniep wrote:
The problem is caused by the fact that the x2go server does not restrict the commands that can be entered thru ssh. This is bad, but what is worse, is that the X2go clients actually use this security hole to start any command it needs.
I don't get this. In the default setup, x2go is used to provide a full desktop environment like Gnome or KDE. There, I can of open some terminal emulator and also execute arbitrary commands like 'rm -rf *'.
What you explain would make sense in a locked-down kiosk-like environment.
-- Gruesse/greetings, Reinhard Tartler, KeyID 945348A4