JHS guest server

[Eric Iverson]

The experimental guest server was reconfigured on the weekend. It now has a faster processor, and more ram and disk space.

Please try:

https://server.jsoftware.com:65101/jguest

[Björn Helgason]

I do not know what the difference between two android machines and then two chromes but on one the menu stays on top while advancing the tour but on the other the menu moves up and out of sight.

The one where the manu stays for advance is younger than the other one.

Also I went to jsoftware.com looking for the guest server and did not find it mentioned there.

Not a very thorough search though.

--
To unsubscribe from this group and stop receiving emails from it, send an email to forum+un...@jsoftware.com.

[robert therriault]

Everything worked fine for me on my Mac with Chrome browser. It felt a little bit laggy, but I was moving through the overview pretty briskly and when I set a reasonable pace, everything ran smoothly.

Cheers, bob

[Eric Iverson]

JHS menus are a bit erratic with mobile devices. In a month or two there will be a new JHS release with a completely new menu design that should work better for desktops and much better for mobiles.

[Marcin Żołek]

I found a comment in the implementation saying that a user cannot view other users' files (https://github.com/jsoftware/ide_jhs/blob/master/guest/guest_util.ijs#L24). I discovered that this is not true, even though access to the files is protected by appropriate permissions.

Each guest becomes a user with appropriate permissions of the server's operating system for the duration of the session. When a guest's session is terminated, most of the files that are in the users's directory are deleted, but not all of them! The .bashrc file remains unchanged in the users's directory. In order to obtain permissions to read other users' files, simply connect from a few devices at the same time (users are assigned to the following guests) and in each of these sessions add following lines to the .bashrc file:

chmod 777 .

chmod 777 *

Then, after closing browsers and waiting for all sessions to end (a few mnutes) or alternatively by typing (2!:55) '' in jconsole, another guest can create files that will be visible to others, because of execution of commands from the .bashrc file. The files and their contents can be seen by exploring the directory tree that appears when you press the jfile button or through commands in jconsole:

(2!:0) 'ls -la path/to/directory'

(2!:0) 'cat -la path/to/file'

I tested this idea, so currently users p65002, p65003, p65004 have their .bashrc files modified.

To prevent your files from being read by other users, you can call chmod with the appropriate arguments using 2!:0 in jconsole at the beginning of the session.

I hope I helped to make the application safer for the next users.

Best regards,

Marcin

[Eric Iverson]

Thanks for reporting this guest server security problem. The intention is to either delete all user files or to completely delete the user before allowing a new guest session. This will not be fixed right away, but will certainly be fixed before usage move beyond experimental.

[Eric Iverson]

The proper fix for the reported server problem is probably to delete the user and recreate it. When a new guest starts that needs a new linux user, the user is created. As pointed out, reusing a user that has simple had all visible files deleted is not a good idea.

[Eric Iverson]

J Guest Server has been restarted to fix the security problem reported by Marcin.

Please try:

https://server.jsoftware.com:65101/jguest