[X2go-dev] Wishlist: x2gofeatures query before session start
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Sun Mar 20 16:01:04 CET 2011
Hi Morty,
On Sa 19 Mär 2011 19:09:52 CET Moritz Strübe wrote:
> Hi Mike,
>
> to make this reasonable there must be ways to actually enforce this.
> Currently a little tweaking of the client will allow you to circumvent
> any of these rules: Start x2goagent "manually" - the db is only
> convenience, desktop-mode is client-related only, you can patch the
> client to start any command you wish, audio is only a matter of setting
> the right environment variables, etc. Basically x2go is just an
> optimized x-forwarding. So doing rights-control on this level would be
> to block the main road and leave the side roads open. While this might
> be enough for a lot of scenarios it might also let administrators think,
> that there rules are actually enforced. All in all it would be just as
> safe as doing all the rights-management in the client....
> The right way of doing this, would be to the learn about Linux system
> administration and use the sufficient tools already provided to you
> (e.g. ACLs). Everything else creates false feeling of security.
What exactly are you aiming at? Best way to control apps on a Linux
host (X2go server) is the apparmor framework. Are you thinking of this?
BTW: I am also looking forward to the gsecurity patch that will be
part some way ahead future Debian kernels:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605090
(With grsecurity amongst others you can hide processes from the ps aux
list and restrict the list of processes to those owned by the user...)
Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20110320/7547ec21/attachment.pgp>
More information about the x2go-dev
mailing list