This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
wiki:security:rbash [2014/11/01 09:23] woglinde |
wiki:security:rbash [2014/11/03 13:07] (current) woglinde [rbash as default shell (optional)] |
||
---|---|---|---|
Line 9: | Line 9: | ||
and hard to setup correctly. Another option is the use of rbash, but with the current state of x2go-server there | and hard to setup correctly. Another option is the use of rbash, but with the current state of x2go-server there | ||
are serval steps so setup it up working correctly. | are serval steps so setup it up working correctly. | ||
+ | |||
+ | This guide is focused on a single application approach, no audio, remote/ | ||
====== rbash short feature overview ====== | ====== rbash short feature overview ====== | ||
Line 17: | Line 19: | ||
* no redirections via > and >> are allowed | * no redirections via > and >> are allowed | ||
* no calls of binaries via complete path | * no calls of binaries via complete path | ||
- | * no changes | + | * no changes |
But be aware, if rbash detects that a executebale is a shell-script it will be run with full bash. | But be aware, if rbash detects that a executebale is a shell-script it will be run with full bash. | ||
Line 93: | Line 95: | ||
</ | </ | ||
- | ====== rbash as default shell (optional)====== | + | ===== Security concerns |
- | + | There could be still problems to brake out of rbash, no one yet made a security audit of the linked x2go scripts, if they allow the execution of a real shell | |
- | If rbash is also set as the default shell via /etc/passwd or some other mechanism, the sessioncleanup skripts needs | + | via options. |
- | to be fixed too. | + | |