D12732: Implement a more user-friendly run-as-root-or-sudo behavior

Martin Flöser noreply at phabricator.kde.org
Sun May 20 15:08:04 BST 2018


graesslin requested changes to this revision.
graesslin added a comment.
This revision now requires changes to proceed.


  -2 from me. That is against our focus of providing secure software.
  
  What you can do instead is to start a KMessageBox through an external process which drops back to the normal user. There, inform the user about the risks, maybe with a link to a dedicated page on kde.org where we explain the attack on Dolphin through running as root. From within the message box one could provide a way to launch Dolphin nevertheless as root (e.g. env variable I_KNOW_THAT_ROOT_CAN_BREAK_ME=1).
  
  What's absolutely important is to do all checks before the QGuiApplication is constructed. QGuiApplication opens the connection to X. At that point the application is potentially owned. X11 as a protocol is way too insecure. There are millions of ways to get an application running as root to execute arbitrary commands from a non-root user through X11.

INLINE COMMENTS

> dolphinviewcontainer.cpp:129
> +            */
> +            showMessage(i18n("Running Dolphin using `sudo` can be dangerous and may expose you to security risks."), Warning);
> +        }
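
Review bot: the `showMessage(...)` call at dolphinviewcontainer.cpp:129 issues the sudo warning from inside a view container, so the condition is only evaluated once the GUI already exists and the display connection is open. Move the root/sudo check to startup, before QGuiApplication is constructed, and report the result on stderr or through a separate unprivileged helper rather than through `showMessage`.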

If you show a message you are owned. That's the problem when running applications on X11 as root. Just opening the connection is sufficient to get owned. In my scratch repos you can find an example application to execute arbitrary commands through a dolphin running as root. See: https://cgit.kde.org/scratch/graesslin/exploit-dophin-root-x11.git/

The warning in the GUI is too late.

REPOSITORY
  R318 Dolphin

REVISION DETAIL
  https://phabricator.kde.org/D12732

To: ngraham, #dolphin, graesslin
Cc: kfm-devel, rikmills, emmanuelp, zzag, nicolasfella, elvisangelaccio, Fuchs, mmustac, markg, spoorun, navarromorales, isidorov, firef, andrebarros
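
The check order described in the review comment above, as an added example that is not part of the original message or of Dolphin's code: a root check that runs before anything touches X11, with the opt-in variable from the comment and a privilege drop for the warning helper. The function names are hypothetical, and reading the invoking user from sudo's `SUDO_UID`/`SUDO_GID` is an assumption that only holds when root was obtained through sudo.

```cpp
// Added example (not Dolphin code): root check that runs before any GUI or X11 setup.
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <grp.h>
#include <unistd.h>

enum class RootDecision { NotRoot, Refuse, Override };

// Pure decision so it is testable without root. overrideValue is the value of
// I_KNOW_THAT_ROOT_CAN_BREAK_ME (the variable named in the review), or nullptr.
RootDecision decideRootLaunch(uid_t euid, const char *overrideValue)
{
    if (euid != 0) return RootDecision::NotRoot;
    if (overrideValue && std::strcmp(overrideValue, "1") == 0) return RootDecision::Override;
    return RootDecision::Refuse;
}

// Parse a numeric id such as sudo's SUDO_UID; rejects unset, junk, 0 and (uid_t)-1.
bool parseNonRootId(const char *s, unsigned long &out)
{
    if (!s || *s < '0' || *s > '9') return false;
    char *end = nullptr;
    errno = 0;
    out = std::strtoul(s, &end, 10);
    return errno == 0 && *end == '\0' && out != 0 && out < 4294967295UL;
}

// Permanent drop for the warning helper: groups, then gid, then uid, then verify.
bool dropPrivileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, nullptr) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return false;
    return setuid(0) == -1; // regaining root must fail
}

int main()
{
    if (decideRootLaunch(geteuid(), std::getenv("I_KNOW_THAT_ROOT_CAN_BREAK_ME")) == RootDecision::Refuse) {
        unsigned long uid = 0, gid = 0;
        if (parseNonRootId(std::getenv("SUDO_UID"), uid) && parseNonRootId(std::getenv("SUDO_GID"), gid) && fork() == 0)
            _exit(dropPrivileges(uid_t(uid), gid_t(gid)) ? 0 : 1); // unprivileged child: exec the warning dialog here
        std::fprintf(stderr, "Refusing to run as root.\n");
        return EXIT_FAILURE;
    }
    // Only past this point would QGuiApplication be constructed (it opens the X11 connection).
    return EXIT_SUCCESS;
}
```

The root process itself never opens a display connection on the refusal path; only the child that has already dropped to the invoking user would show a dialog.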