Hi Mike, this fix to authenticate the commands is good. I didn't realize I was uncovering a security problem.

One question: the underlying crash was due to bad data. If authenticated but still bad data is sent, will the client still crash? I am thinking about a malicious server crafting something to crash the client or have it do something bad. I looked at the code diff and I didn't see any underlying verification of the x2go commands.

E.g.:
X2GODATABEGIN:<good-uuidhash>
bad data here
X2GODATAEND:<good-uuidhash>
_______________________________________________
X2Go-Dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/x2go-dev