[X2go-dev] Wishlist: x2gofeatures query before session start
Moritz Strübe
Moritz.Struebe at informatik.uni-erlangen.de
Sat Mar 19 19:09:52 CET 2011
Hi Mike,
to make this reasonable there must be ways to actually enforce this.
Currently a little tweaking of the client will allow you to circumvent
any of these rules: Start x2goagent "manually" - the db is only
convenience, desktop-mode is client-related only, you can patch the
client to start any command you wish, audio is only a matter of setting
the right environment variables, etc. Basically x2go is just an
optimized x-forwarding. So doing rights-control on this level would be
to block the main road and leave the side roads open. While this might
be enough for a lot of scenarios it might also let administrators think,
that there rules are actually enforced. All in all it would be just as
safe as doing all the rights-management in the client....
The right way of doing this, would be to the learn about Linux system
administration and use the sufficient tools already provided to you
(e.g. ACLs). Everything else creates false feeling of security.
Cheers
Morty
Am 19.03.2011 17:11, Mike Gabriel schrieb:
> Hi there,
>
> Here is a feature request proposal for the post-Baikal release (Rebun):
>
> The handshake on session start should be extended in the following way:
>
> o login as user
> o call a script x2gofeatures (or similar)
> o this script replies with some file format that states
> - user may / must not start an X2go session
> - user may / must not start in rootless/desktop mode
> - available commands to execute (KDE, TERMINAL, /usr/bin/xterm...)
> - user may / must not print
> - user may / must not use audio
> - ...
> o the client should obey to this returned list of features
> o if the user tries to hack some feature that he/she is not allowed to
> use, the server of course also has to deny this feature (and
> maybe even
> the whole session)
>
> Greets,
> Mike
>
>
>
> _______________________________________________
> X2go-dev mailing list
> X2go-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/x2go-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20110319/44989008/attachment.html>
More information about the x2go-dev
mailing list