Client "-a" parameter
#3451
Client "-a" parameter 6 Years, 7 Months ago Karma: 0
Hello,

I found a problem in the Go-Global 4 client for Windows.

I can run any command on the host using the parameter "-a" in the client shortcut, even if it is not among the deployed applications. Example: "-a cmd.exe"

In the above scenario I can lock in the server, but I have another situation where I can run a client application in the context of the host.
Example: "-a O:\temp\mycmd.exe"

This is a very serious security problem, since the drive "O:\" is in the client machine and I need client drive redirection.

How can I stop the server from accepting the "-a" parameter?

Is this a bug?

Regards,
Leonardo.
panga
 
#3454
Re: Client "-a" parameter 6 Years, 6 Months ago Karma: 0
Even if you could block the -a switch, that won't prevent access to cmd.exe. If the app has an open or save as dialog box, a user could run it from there.

I see your point though. It shouldn't allow an app to run using the -a switch if it's not in the published apps list.
Kurt
 
#3456
Re: Client "-a" parameter 6 Years, 6 Months ago Karma: 0
I know the issue with open/save dialog, but the problem that I described above can't be mitigated.

Besides the fact that applications can run from the client machine.
Example: "... -a O:\mycmd.exe"

It's a serious bug.
panga
 
#3457
Re: Client "-a" parameter 6 Years, 6 Months ago Karma: 0
As a workaround, you could use the AppLocker feature in Win Server 2008 R2 to block exes and scripts from running on the client drive letter path.
Kurt
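The AppLocker workaround suggested in the last reply, written out as an added example (not part of the original posts and not vendor guidance). It assumes the host sees the redirected client drive as `O:\`, as in the thread; the rule names and policy file name are made up for illustration, and it covers only the client-drive case, not `-a cmd.exe`.

```powershell
# Added example. O:\ is the client drive from the thread; rule names and the
# policy file name are illustrative assumptions.
Import-Module AppLocker      # needed on PowerShell 2.0 (Server 2008 R2)

$everyone = 'S-1-1-0'        # well-known SID: Everyone
$admins   = 'S-1-5-32-544'   # well-known SID: BUILTIN\Administrators

function New-PathRule([string]$Name, [string]$Sid, [string]$Action, [string]$Path) {
    # One AppLocker path rule as an XML fragment with a fresh rule Id.
    $id = [guid]::NewGuid()
    "    <FilePathRule Id=`"$id`" Name=`"$Name`" Description=`"`" UserOrGroupSid=`"$Sid`" Action=`"$Action`">" +
    "<Conditions><FilePathCondition Path=`"$Path`" /></Conditions></FilePathRule>"
}

$collections = foreach ($type in 'Exe', 'Script') {
    # An enforced rule collection blocks everything that no rule allows, so the
    # usual default allow rules sit next to the deny rule. Deny overrides allow.
    "  <RuleCollection Type=`"$type`" EnforcementMode=`"AuditOnly`">"
    New-PathRule "$type - allow Program Files" $everyone 'Allow' '%PROGRAMFILES%\*'
    New-PathRule "$type - allow Windows"       $everyone 'Allow' '%WINDIR%\*'
    New-PathRule "$type - allow admins"        $admins   'Allow' '*'
    New-PathRule "$type - deny client drive"   $everyone 'Deny'  'O:\*'
    "  </RuleCollection>"
}

$policyFile = Join-Path $env:TEMP 'block-client-drive.xml'
@('<AppLockerPolicy Version="1">') + $collections + '</AppLockerPolicy>' |
    Set-Content -Path $policyFile -Encoding UTF8

# Replaces the local AppLocker policy; add -Merge to keep rules already in place.
Set-AppLockerPolicy -XmlPolicy $policyFile

# AppLocker evaluates nothing unless the Application Identity service is running.
Start-Service AppIDSvc

# AuditOnly logs event 8003 ("would have been blocked") instead of blocking.
# Review these after a test session, then change AuditOnly to Enabled and re-apply.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003
} -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message
```

Script audit events land in the `Microsoft-Windows-AppLocker/MSI and Script` log as event 8006. If no 8003 event appears when something is launched from the client drive, the host is resolving that drive to a path other than `O:\` and the deny rule's path needs to match what the log shows.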
 