Differences

This shows you the differences between two versions of the page.

--- wiki:security:rbash [2014/11/01 09:23]
woglinde
+++ wiki:security:rbash [2014/11/03 13:07] (current)
woglinde [rbash as default shell (optional)]
@@ Line 9: / Line 9: @@
 and hard to setup correctly. Another option is the use of rbash, but with the current state of x2go-server there
 are serval steps so setup it up working correctly.
+This guide is focused on a single application approach, no audio, remote/mounted dirs and printing are involved.
 ====== rbash short feature overview ======
@@ Line 17: / Line 19: @@
   * no redirections via > and >> are allowed
   * no calls of binaries via complete path
-  * no changes on the PATH variable are allowed
+  * no changes off the PATH variable are allowed
 But be aware, if rbash detects that a executebale is a shell-script it will be run with full bash.
@@ Line 93: / Line 95: @@
 </code>
-====== rbash as default shell (optional)======
+===== Security concerns =====
+There could be still problems to brake out of rbash, no one yet made a security audit of the linked x2go scripts, if they allow the execution of a real shell
-If rbash is also set as the default shell via /etc/passwd or some other mechanism, the sessioncleanup skripts needs
+via options.
-to be fixed too.

X2Go - everywhere@home