Differences

This shows you the differences between two versions of the page.

--- wiki:security:rbash [2014/10/31 22:11]
woglinde [Bring the path back to some scripts]
+++ wiki:security:rbash [2014/11/03 13:07] (current)
woglinde [rbash as default shell (optional)]
@@ Line 1: / Line 1: @@
-The way x2go works, allows every user to get a ssh access to the x2go server.
+The way x2go works, allows every user to get ssh access to the x2go server.
 This can be a big problem when, you can not use the broker, to prevent certain actions on
-the server. The users can browse the x2go-server and have the access to nearly all directiores.
+the x2go-server.
+The users can browse the x2go-server and have the access to nearly all directiores.
 There are serval options to prevent the user doing it. One would be the use of selinux, but it is hard to understand
 and hard to setup correctly. Another option is the use of rbash, but with the current state of x2go-server there
 are serval steps so setup it up working correctly.
+This guide is focused on a single application approach, no audio, remote/mounted dirs and printing are involved.
 ====== rbash short feature overview ======
@@ Line 15: / Line 19: @@
   * no redirections via > and >> are allowed
   * no calls of binaries via complete path
-  * no changes on the PATH variable are allowed
+  * no changes off the PATH variable are allowed
 But be aware, if rbash detects that a executebale is a shell-script it will be run with full bash.
@@ Line 91: / Line 95: @@
 </code>
-====== Fix session clean up ======
+===== Security concerns =====
+There could be still problems to brake out of rbash, no one yet made a security audit of the linked x2go scripts, if they allow the execution of a real shell
+via options.

X2Go - everywhere@home

User Tools

Site Tools

Differences

Page Tools