clone #327 -1
tag #327 wontfix
retitle -1 users can inject data into X2Go Client using .bashrc
severity -1 grave
Hi Dan,
On Di 29 Okt 2013 12:55:05 CET, Dan Halbert wrote:
On 10/29/2013 4:36 AM, Mike Gabriel wrote:
If I put an
echo "testing" # exact text doesn't matter
I presume, this on the server.
Right, this is on the server.
With the Windows client there is no
.bashrc anyway.
I confirmed with my colleague that he saw this on
both the Windows and Ubuntu Precise clients.
Which windowing system chosen on the server does not seem to matter
either. I saw it with UNITY and with just "Terminal".
I could confirm this issue on Debian wheezy or Ubuntu precise as
X2Go Server. On Ubuntu lucid, the problem does not occur.
That's interesting. The reason for putting in the echo's was to
debug a completely unrelated problem about which shell init got run
when we were running some batch jobs. I had instrumented the init
files before without difficulty. Thanks for looking at this.
I have looked at this in depth this morning. Indeed an echoing .bashrc
file breaks X2Go. But it also breaks everything else around SSH, esp.
scp [1, 2].
The first link [1] also provides a solution that I want to quote here:
"""
(file: ~/.bashrc)
[... normal .bashrc stuff ...]

if [[ $- =~ "i" ]]; then
    echo "SPEAK OUT LOUD!!!"
fi
"""
The i-flag in $- checks if the shell is interactive or not. With X2Go,
this flag will not get set.
Greets, Mike
[1] http://stackoverflow.com/questions/12440287/scp-doesnt-work-when-echo-in-bas...
[2] https://bugzilla.redhat.com/show_bug.cgi?id=20527
--
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
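
An added example, not part of the original mail: a small check that reports whether a shell init file writes anything when sourced by a non-interactive bash, run here against the unguarded echo and the guard quoted in the mail. Sourcing the file explicitly with `bash -c` is an assumption standing in for the SSH-started shell; the function names and sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: detect init files that are "noisy" in non-interactive shells,
# the condition the thread describes as breaking scp and X2Go.

# Print whatever FILE emits (stdout and stderr) when sourced by a
# non-interactive bash. --norc/--noprofile and an empty BASH_ENV make sure
# only FILE itself is read.
rc_noninteractive_output() {
    BASH_ENV= bash --norc --noprofile -c 'source "$1"' _ "$1" </dev/null 2>&1
}

# Succeed (exit status 0) only if FILE stays silent in that shell.
rc_is_silent() {
    [ -z "$(rc_noninteractive_output "$1")" ]
}

# Constructed sample files: an unguarded echo, and the guard from the mail.
make_samples() {
    SAMPLE_DIR=$(mktemp -d) || return 1
    cat >"$SAMPLE_DIR/unguarded.bashrc" <<'EOF'
echo "testing"
EOF
    cat >"$SAMPLE_DIR/guarded.bashrc" <<'EOF'
if [[ $- =~ "i" ]]; then
    echo "SPEAK OUT LOUD!!!"
fi
EOF
}

make_samples
for f in "$SAMPLE_DIR"/*.bashrc; do
    if rc_is_silent "$f"; then
        echo "OK     $f"
    else
        echo "NOISY  $f: $(rc_noninteractive_output "$f" | head -n 1)"
    fi
done
```

Calling `rc_is_silent` on a real `~/.bashrc` executes that file in a child bash, so it also surfaces output from anything the file sources in turn.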