Implementing a Secure Server with GDC

Implement a secure server by denying users access to the command line or shell.

In an enterprise deployment, it is typical for the Genero Desktop Client to be configured to launch in the default user mode with all application shortcuts pre-defined.

When the "-a" or "--admin" option is specified, however, the Genero Desktop Client launches in admin mode, and the user is able to modify existing shortcuts or create new shortcuts of their own. Therefore, when in admin mode, a Genero Desktop Client user with sufficient knowledge can modify the string passed to the server (UNIX™ or Linux®) and effectively execute any command. While this is expected behavior -- if they can log in to the server, they can enter commands -- this ability can present a problem in some environments.

The following paragraphs explain how to implement a secure server preventing Genero Desktop Client users from executing arbitrary commands, by preventing client access to the (UNIX or Linux) command line or shell while still allowing Genero applications to be started. This is accomplished by not giving them access to the shell, yet allowing the Genero Desktop Client to pass values to the system to indicate which application to start.

Important: This is intended to be the framework for a larger implementation and should be reviewed by your system administrator for any security concerns.