I'm thinking that x2go's server scripts should use perl's "-T" taint mode to prevent searching user's paths and otherwise improve security. Thoughts?
-- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA/CoRA Division FAX: 303-415-9702 3380 Mitchell Lane orion@cora.nwra.com Boulder, CO 80301 http://www.cora.nwra.com
On 08.04.2015 03:30 AM, Orion Poplawski wrote:
Good idea! I'm in favor of this and will dig into that when having spare time.
However, there's more to that than just enabling taint mode, by a quick glimpse at http://perldoc.perl.org/perlsec.html#Taint-mode
That is, we actually have to make sure that the scripts still *work in taint mode* prior to just blindly enabling it.
We're also using at least one setuid script, which deserves special care to make sure it continues to work.
Mihai
Hi Mihai,
On Mi 08 Apr 2015 06:37:38 CEST, Mihai Moldovan wrote:
/me is also in favour of this.
Indeed.
We're also using at least one setuid script, which deserves special care to make sure it continues to work.
libx2go-server-db-sqlite3-wrapper (or x2gosqlitewrapper on the 4.0.1.x
branch) is a setgid-x2gouser-binary-wrapper-around-a-Perl-script, to
be more precise here.
Mike
--
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
On 04/07/2015 10:37 PM, Mihai Moldovan wrote:
Oh, it absolutely breaks things as they stand now. The first thing I noticed is that PATH will need to be explicitly set for anything that execs another script. But I'm glad to see support for the idea.
We're also using at least one setuid script, which deserves special care to make sure it continues to work.
-- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@nwra.com Boulder, CO 80301 http://www.nwra.com
-
Mihai Moldovan -
Mike Gabriel -
Orion Poplawski