Dne pondělí 4. května 2020 17:01:10 CEST, Stefan Baur napsal(a): > And here's the next catch: They intend to use Libreoffice as their > single published application. Which allows the user to write their own > macros in Libreoffice Basic. Which allows them to read binary files and > do things with them. Like convert them to a bunch of QR codes and > display them. So to do the things that need to be done, they (the > owners) are depending on an executable which the user can do so much > more with than they want it to do. And there's no way to limit that, > other than to refrain from using Libreoffice as a front-end. > > -Stefan
With full respect to the users, if they were capable of that, they would probably be able to write similar spreadsheet from scratch (and have some other job). I know that redesigning the whole calculation as web application would be much better. But if protection against 80% of users can be done with 20% effort, I would do it. You say that 100 % protection is not possible, so there is no reason to do anything... All I want is to close this one obvious hole: ssh somewhere "cat file" > file I cannot remove exec bit from /bin/cat, cause it is required to set up x2go session. If the rbash guide I referenced at the beginning worked, this would be possible. Best regards Vladislav Kurz _______________________________________________ x2go-dev mailing list x2go-dev@lists.x2go.org https://lists.x2go.org/listinfo/x2go-dev
