[X2Go-Dev] Bug#1465: Bug#1465: Bug#1465: Bug#1465: Bug#1465: Allow running with restricted shell (rbash), or limit applications that can be run.
Vladislav Kurz
vladislav.kurz at webstep.net
Mon May 4 18:00:42 CEST 2020
Dne pondělí 4. května 2020 17:01:10 CEST, Stefan Baur napsal(a):
> And here's the next catch: They intend to use Libreoffice as their
> single published application. Which allows the user to write their own
> macros in Libreoffice Basic. Which allows them to read binary files and
> do things with them. Like convert them to a bunch of QR codes and
> display them. So to do the things that need to be done, they (the
> owners) are depending on an executable which the user can do so much
> more with than they want it to do. And there's no way to limit that,
> other than to refrain from using Libreoffice as a front-end.
>
> -Stefan
With full respect to the users, if they were capable of that, they would
probably be able to write similar spreadsheet from scratch (and have some
other job).
I know that redesigning the whole calculation as web application would be much
better. But if protection against 80% of users can be done with 20% effort, I
would do it. You say that 100 % protection is not possible, so there is no
reason to do anything...
All I want is to close this one obvious hole:
ssh somewhere "cat file" > file
I cannot remove exec bit from /bin/cat, cause it is required to set up x2go
session. If the rbash guide I referenced at the beginning worked, this would
be possible.
Best regards
Vladislav Kurz
More information about the x2go-dev
mailing list