Re: [X2go-dev] concept for X2go session lock-down to kiosk-mode (was Re: X2go is insecure)
Hi list, Reading all comments on my stone in the pond I still think it is not really clear what the problem is (and my proposed solution) I do not want to secure the entire server. I only want a door that can be locked. So I allow a user to use the terminal. Okay he is allowed to use the terminal and so he can do anything he likes. No problem. Or I say on the server the user may only use program XYZ. XYZ starts and that is all. If XYZ deletes my system that is Okay by me. The user had access to that program and that is it. This can be enforced by my simple solution. From the client a command is sent, say Start terminal. Then in the wrapper, the user is matched with the command and if the match exists, the command is allowed and is executed. If not, the request is rejected. Maybe this can be achieved also by apparmor, but it looks to me that apparmor is intended to secure the entire system which is really not what I want. (Or maybe I am mistaken because of lack of knowledge of apparmor) Dick Kniep -Oorspronkelijk bericht- Van: Mike Gabriel mike.gabr...@das-netzwerkteam.de Verzonden: wo 30-03-11 20:22:45 Aan: x2go-dev@lists.berlios.de; Dick Kniep dick.kn...@lindix.nl; Onderwerp: Re: [X2go-dev] concept for X2go session lock-down to kiosk-mode (was Re: X2go is insecure) Hi Dick, On Mi 30 Mär 2011 18:46:49 CEST Dick Kniep wrote: We have developed the wrapper that does exactly what I describe here. Currently it is lacking a screen where an authorized user can change the authorization db, but that will come on short notice. I hope it is a little clearer now what the problem is and how it can be solved. What I have been thinking the last day is that it might be much more generic and by far more effective to use the apparmor tool for this kind of lock-down. However, I have never played with apparmor, only in cases when the rules package maintainers had included in their packages were too strict... Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb ___ X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
Re: [X2go-dev] concept for X2go session lock-down to kiosk-mode (was Re: X2go is insecure)
On Fri, 2011-04-01 at 02:44 +0200, Dick Kniep wrote: Hi list, Reading all comments on my stone in the pond I still think it is not really clear what the problem is (and my proposed solution) I do not want to secure the entire server. I only want a door that can be locked. So I allow a user to use the terminal. Okay he is allowed to use the terminal and so he can do anything he likes. No problem. Or I say on the server the user may only use program XYZ. XYZ starts and that is all. If XYZ deletes my system that is Okay by me. The user had access to that program and that is it. This can be enforced by my simple solution. From the client a command is sent, say Start terminal. Then in the wrapper, the user is matched with the command and if the match exists, the command is allowed and is executed. If not, the request is rejected. Maybe this can be achieved also by apparmor, but it looks to me that apparmor is intended to secure the entire system which is really not what I want. (Or maybe I am mistaken because of lack of knowledge of apparmor) snip Again I confess that I've not taken a lot of time to digest this issue but, I wonder if the back and forth is cause because for some users, this would be a highly desirable feature whereas, for others, it not only makes no sense but would be a significant obstacle. Can it be built as a configurable option that can be enabled with a setting in x2go.conf (or whatever file we are using for configuration)? - John ___ X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
Re: [X2go-dev] concept for X2go session lock-down to kiosk-mode (was Re: X2go is insecure)
On 03/31/2011 08:44 PM, Dick Kniep wrote: Hi list, Reading all comments on my stone in the pond I still think it is not really clear what the problem is (and my proposed solution) I do not want to secure the entire server. I only want a door that can be locked. So I allow a user to use the terminal. Okay he is allowed to use the terminal and so he can do anything he likes. No problem. Or I say on the server the user may only use program XYZ. XYZ starts and that is all. If XYZ deletes my system that is Okay by me. The user had access to that program and that is it. This can be enforced by my simple solution. From the client a command is sent, say Start terminal. Then in the wrapper, the user is matched with the command and if the match exists, the command is allowed and is executed. If not, the request is rejected. Maybe this can be achieved also by apparmor, but it looks to me that apparmor is intended to secure the entire system which is really not what I want. (Or maybe I am mistaken because of lack of knowledge of apparmor) Dick Kniep It looks like you want an authorization solution. And that is what functionality like sudo is meant for. You make your users members of a certain group and then give that group rights to only specific executables. If they try to execute anything else, the command will fail. Regards, Gerry ___ X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev