D12732: Implement a more user-friendly run-as-root-or-sudo behavior

Mark Gaiser noreply at phabricator.kde.org
Tue May 8 11:39:46 BST 2018


markg added a subscriber: emmanuelp.
markg added a comment.


  In D12732#259134 <https://phabricator.kde.org/D12732#259134>, @ngraham wrote:
  
  > In D12732#259043 <https://phabricator.kde.org/D12732#259043>, @markg wrote:
  >
  > > I wonder if the check is accurate.
  > >
  > > I think you need to replace the == root string check with either the one it was before or something like:
  > >  `KUser(getuid()).isSuperUser()` (this basically is `getuid() == 0`)
  >
  >
  > It's accurate. `getuid() == 0` returns true for a regular user using sudo as well as the actual root user. Capturing that distinction is a part of this patch.
  
  
  As I said, only for the root part (not the sudo part).
  For instance, you can call dolphin with: "USER='' dolphin", which circumvents the whole check, whereas getuid() would work regardless of environment variables ;)
  Anyhow, we're on nitpicking terrain. Your version is fine for me as well and much more readable, but people focused on security will likely see a potential "security issue" with your code.
  
  I am slightly surprised that this "feature" (not being able to run dolphin as root) even got in. It's a killer feature (in the negative sense). I sometimes need to run my GUI as root just because there is no user environment setup yet or when the GUI KDE session is somehow broken. Then I tend to start openbox as root and use dolphin as file management. I haven't had to do this in a while though.
  It all seems to have been triggered by: https://marc.info/?l=kwrite-devel&m=145192458018333&w=2
  And then pushed (outside of phabricator, **why**) by @emmanuelp in this commit: https://cgit.kde.org/dolphin.git/commit/src/main.cpp?id=0bdd8e0b0516555c6233fdc7901e9b417cf89791
  
  So what is the real bug? Well, this quote describes it:
  
  > Now I sat down and implemented the attached exploit. The key idea is to use an 
  >  embedded konsole window in a root owned process and send it key events. See 
  >  the attached README as well.
  
  That is from the aforementioned link on marc.info.
  
  Why is that an exploit again? You are root to gain root... **you are root already!**
  I don't see why that is a bug.
  
  As the embedded terminal is the real problem (is that even used "that" much?), perhaps "fix" that by just not allowing to run anything in there that requires elevated privileges? That would be a sensible fix and one you can expect as a user. You could go more user friendly and notify the user to open Konsole (or another terminal emulator) for executing commands that require elevated privilege.
  
  I'm all for getting rid of this "security fix" as it's currently done. Running dolphin as root is a valuable thing to have in my opinion.

REPOSITORY
  R318 Dolphin

REVISION DETAIL
  https://phabricator.kde.org/D12732

To: ngraham, #dolphin, graesslin
Cc: emmanuelp, zzag, nicolasfella, elvisangelaccio, Fuchs, mmustac, markg
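
The two kinds of check discussed in the comment above, side by side, as an added example that is not code from the patch or from Dolphin. The helper names are hypothetical, and using `SUDO_USER` to tell sudo apart from a root login is an assumption, since the patch's own sudo detection is not shown in this message.

```cpp
#include <cstdio>
#include <cstdlib>
#include <string>
#include <sys/types.h>
#include <unistd.h>

enum class Launch { RegularUser, RootLogin, Sudo };

// Environment-based check: compares $USER to "root". The value comes from
// the caller's environment, so an empty or altered USER makes it return false.
bool isRootByEnv(const char *userEnv) {
    return userEnv != nullptr && std::string(userEnv) == "root";
}

// uid-based check: asks the kernel, independent of environment variables.
bool isRootByUid(uid_t uid) {
    return uid == 0;
}

// Hypothetical helper: the uid alone decides whether the process is
// privileged; SUDO_USER (set by sudo) only selects which case to report.
Launch classify(uid_t uid, const char *sudoUserEnv) {
    if (!isRootByUid(uid)) return Launch::RegularUser;
    if (sudoUserEnv != nullptr && *sudoUserEnv != '\0') return Launch::Sudo;
    return Launch::RootLogin;
}

const char *describe(Launch l) {
    switch (l) {
    case Launch::RootLogin: return "root login";
    case Launch::Sudo:      return "root via sudo";
    default:                return "regular user";
    }
}

int main() {
    // Report both checks for the current process.
    const Launch l = classify(getuid(), std::getenv("SUDO_USER"));
    std::printf("env check says root: %s\n",
                isRootByEnv(std::getenv("USER")) ? "yes" : "no");
    std::printf("uid check says: %s\n", describe(l));
    return 0;
}
```

With this split, clearing or changing an environment variable can at most change which root case is reported, not whether the process is treated as privileged.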
More information about the kfm-devel mailing list