clone #327 -1 tag #327 wontfix retitle -1 users can inject data into X2Go Client using .bashrc severity -1 grave
Hi Dan, On Di 29 Okt 2013 12:55:05 CET, Dan Halbert wrote:
On 10/29/2013 4:36 AM, Mike Gabriel wrote:Right, this is on the server. With the Windows client there is no .bashrc anyway. I confirmed with my colleague that he saw this on both the Windows and Ubuntu Precise clients.If I put anecho "testing" # exact text doesn't matterI presume, this on the server.Which windowing system chosen on the server does not seem to matter either. I saw it with UNITY and with just "Terminal".I could confirm this issue on Debian wheezy or Ubuntu precise as X2Go Server. On Ubuntu lucid, the problem does not occur.That's interesting. The reason for putting in the echo's was to debug a completely unrelated problem about which shell init got run when we were running some batch jobs. I had instrumented the init files before without difficulty. Thanks for looking at this.
I have looked at this in depth this morning. Indeed an echoing .bashrc file breaks X2Go. But it also breaks everything else around SSH, esp. scp [1, 2].
The first link [1] also provides a solution that I want to quote here: """ (file: ~/.bashrc) [... normal .bashrc stuff ...] if [[ $- =~ "i" ]]; then echo "SPEAK OUT LOUD!!!" fi """The i-flag in $- checks if the shell is interactive or not. With X2Go, this flag will not get set.
Greets, Mike[1] http://stackoverflow.com/questions/12440287/scp-doesnt-work-when-echo-in-bashrc
[2] https://bugzilla.redhat.com/show_bug.cgi?id=20527 -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: [email protected], http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
binaQdy5aFLaR.bin
Description: Öffentlicher PGP-Schlüssel
pgp8l4kNqvlqP.pgp
Description: Digitale PGP-Signatur
_______________________________________________ X2Go-Dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/x2go-dev
