clone #334 -1
reassign #334 python-x2go
thanks

Hi all,

On Tue 29 Oct 2013 13:41:06 CET, Mike Gabriel wrote:

Package: x2goclient
Severity: important

In X2Go it is currently possible to replace every command in X2Go Server by a command of the same name in ~/bin.

An attacker could use this to infiltrate X2Go Client with arbitrary data.

IMHO, we should make sure X2Go Client only uses system-wide paths when invoking commands on X2Go Servers.

This, of course, will boycott installing X2Go Server into ~<user> space, but actually, I prefer a safe setup to such custom installation tweaks.

Feedback?!?

Mike

This issue also applies to Python X2Go.

Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: [email protected], http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Attachment: binV2D1selBzc.bin
Description: Public PGP key

Attachment: pgpp8gXgQHFuu.pgp
Description: Digital PGP signature

_______________________________________________
X2Go-Dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/x2go-dev
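
Added example (not part of the original message, and not X2Go or Python X2Go code): a shell sketch of the report's point, showing a bare command name resolving to a copy in a stand-in ~/bin when that directory comes first in PATH, and a lookup restricted to system-wide directories ignoring it. The sandbox layout, the command name demo_x2go_cmd and the helper resolve_in_dirs are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: directory layout and command name are constructed.

# resolve_in_dirs NAME DIRLIST
# Print the absolute path of the first executable file NAME found in the
# colon-separated DIRLIST. $PATH is never consulted.
resolve_in_dirs() {
    name=$1
    case $name in
        ''|*/*) return 2 ;;   # refuse empty names and anything containing a slash
    esac
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        IFS=$old_ifs
        case $dir in
            /*) ;;            # absolute entries only
            *) continue ;;    # skip relative entries such as "." or "bin"
        esac
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Constructed sandbox: a stand-in system directory and a stand-in ~/bin.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/usr/bin" "$demo/home/bin"
for d in usr/bin home/bin; do
    printf '#!/bin/sh\necho "%s"\n' "$d" > "$demo/$d/demo_x2go_cmd"
    chmod +x "$demo/$d/demo_x2go_cmd"
done

# A login PATH that lists ~/bin first, versus a fixed system-wide list.
# (A real deployment would pin something like /usr/local/bin:/usr/bin:/bin;
# that list is an assumption, not taken from the report.)
login_path="$demo/home/bin:$demo/usr/bin"
system_dirs="$demo/usr/bin"

by_name=$(PATH=$login_path; command -v demo_x2go_cmd)
pinned=$(resolve_in_dirs demo_x2go_cmd "$system_dirs")

printf 'bare name via login PATH: %s\n' "$by_name"
printf 'pinned system lookup:     %s\n' "$pinned"
```

A client that sends the resolved absolute path instead of the bare name does not depend on the order of the user's PATH on the server.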
