[X2Go-Dev] replacing su calls in X2Go Server scripts with sudo (or ???)
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Wed Jan 8 14:11:36 CET 2014
Hi all,
as those of you who have studied X2Go Server code probably have
noticed, X2Go uses the su command quite intensively. The problem about
su is that it invokes a subshell whenever it is called. Those
subshells are quite difficult to handle without providing space for
exploitation.
As su is (in all cases) used to drop privileges from root to a normal
user, my suggestion would be exchanging the su calls by sudo calls.
(sudo -u <user> <command>). The advantage of sudo: it does not invoke
a subshell.
Feedback? Request for comments??? Any other approach thinkable???
Thanks,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20140108/4b2fd663/attachment.pgp>
More information about the x2go-dev
mailing list