Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
kdesu dolphin as root not possible [SOLVED-again]
View unanswered posts
View posts from last 24 hours
View posts from last 7 days

Goto page Previous  1, 2, 3, 4, 5, 6, 7  Next  
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
fedeliallalinea
Administrator
Administrator


Joined: 08 Mar 2003
Posts: 31348
Location: here

PostPosted: Mon Aug 06, 2018 5:57 am    Post subject: Reply with quote

natrix wrote:
The patch not work, emerge show this output. It was the same that dolphin:

It seems not a patch for kate-18.04.3, because now code is
kate/main.cpp:
...
#ifndef Q_OS_WIN
#include <unistd.h>
#endif
#include <iostream>


int main(int argc, char **argv)
{
#ifndef Q_OS_WIN
    /**
     * Check whether we are running as root
     **/
    if (getuid() == 0) {
        std::cout << "Executing Kate as root is not possible. To edit files as root use:" << std::endl;
        std::cout << "SUDO_EDITOR=kate sudoedit <file>" << std::endl;
        return 0;
    }
#endif
...

_________________
Questions are guaranteed in life; Answers aren't.
Back to top
View user's profile Send private message
proteusx
Guru
Guru


Joined: 21 Jan 2008
Posts: 340

PostPosted: Mon Aug 06, 2018 7:27 am    Post subject: Reply with quote

@natrix
Please post your complete build log.

@fedeliallalinea
The patches I posted will fail unless the portage patches have been applied first.
Back to top
View user's profile Send private message
PrSo
Tux's lil' helper
Tux's lil' helper


Joined: 01 Jun 2017
Posts: 136

PostPosted: Mon Aug 06, 2018 12:03 pm    Post subject: Reply with quote

Sorry for interrupting, and thank you proteusx for those patches.

On my system I had to make some modification of posted patches since offsets in dolphin's and kate's "main.cpp" files does not match.

Here it goes:

dolphin without modification of "root enable" warning:
Code:
--- a/src/main.cpp   2018-08-06 07:12:38.040074724 +0200
+++ b/src/main.cpp   2018-08-06 07:25:21.936760319 +0200
@@ -42,19 +42,6 @@
 
 extern "C" Q_DECL_EXPORT int kdemain(int argc, char **argv)
 {
-#ifndef Q_OS_WIN
-    // Prohibit using sudo or kdesu (but allow using the root user directly)
-    if (getuid() == 0) {
-        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
-            std::cout << "Executing Dolphin with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
-            std::cout << "Executing Dolphin with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        }
-    }
-#endif
-
     QApplication app(argc, argv);
     app.setAttribute(Qt::AA_UseHighDpiPixmaps, true);
     app.setWindowIcon(QIcon::fromTheme(QStringLiteral("system-file-manager"), app.windowIcon()));


and kate:
Code:
--- a/kate/main.cpp   2018-08-06 08:14:55.563340125 +0200
+++ b/kate/main.cpp   2018-08-06 08:20:27.573348320 +0200
@@ -60,18 +60,6 @@
 
 int main(int argc, char **argv)
 {
-#ifndef Q_OS_WIN
-    // Prohibit using sudo or kdesu (but allow using the root user directly)
-    if (getuid() == 0) {
-        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
-            std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
-            std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        }
-    }
-#endif
     /**
      * init resources from our static lib
      */


I have paced them accordingly in "/etc/portage/patches/kde-apps/dolphin" and "/etc/portage/patches/kde-apps/kate".

Both compile just fine, and executing dolphin and kate through kdesu works.

I hope this helps, and thank you once again proteusx.
Back to top
View user's profile Send private message
wrc1944
Advocate
Advocate


Joined: 15 Aug 2002
Posts: 3456
Location: Gainesville, Florida

PostPosted: Mon Aug 06, 2018 3:50 pm    Post subject: Reply with quote

FWIW, the /etc/portage/patches/kde-apps/kate/kate-18.04-root.patch works fine here.
Applies OK for me:
Code:
>>> Emerging (1 of 1) kde-apps/kate-18.04.3::gentoo
 * kate-18.04.3.tar.xz BLAKE2B SHA512 size ;-) ...                                                                                                             [ ok ]
>>> Unpacking source...
>>> Unpacking kate-18.04.3.tar.xz to /var/tmp/portage/kde-apps/kate-18.04.3/work
>>> Source unpacked in /var/tmp/portage/kde-apps/kate-18.04.3/work
>>> Preparing source in /var/tmp/portage/kde-apps/kate-18.04.3/work/kate-18.04.3 ...
 * Applying kate-18.04.3-root-user.patch ...                                                                                                                   [ ok ]
 * Applying kate-18.04-root.patch ...
patch unexpectedly ends in middle of line                                                                                                                      [ ok ]
 * User patches applied


The line "patch unexpectedly ends in middle of line" was also in the dolphin patch, but seems to make no difference, as both still work perfectly. Dolphin & kate open as root, and run normally.
_________________
Main box- AsRock x370 Gaming K4
Ryzen 7 3700x, 3.6GHz, 16GB GSkill Flare DDR4 3200mhz
Samsung SATA 1000GB, Radeon HD R7 350 2GB DDR5
OpenRC Gentoo ~amd64 plasma, glibc-2.40-r5, gcc-14
kernel-6.12.3 USE=experimental python3_12.7-final-0
Back to top
View user's profile Send private message
natrix
Guru
Guru


Joined: 23 Aug 2013
Posts: 556

PostPosted: Tue Aug 07, 2018 12:51 am    Post subject: Reply with quote

PrSo: the patch to Kate work fine!

proteusx and PrSo:
A very useful contribution.
Thank you!!
Back to top
View user's profile Send private message
jhon987
Guru
Guru


Joined: 18 Nov 2013
Posts: 302

PostPosted: Sat Feb 09, 2019 2:40 pm    Post subject: Reply with quote

What about a patch for kwrie-18.18?
Back to top
View user's profile Send private message
proteusx
Guru
Guru


Joined: 21 Jan 2008
Posts: 340

PostPosted: Sun Feb 10, 2019 3:41 am    Post subject: Reply with quote

kwrite-18-root.patch

Code:
--- a/kwrite/main.cpp
+++ b/kwrite/main.cpp
@@ -42,25 +42,8 @@
 
 #include "../urlinfo.h"
 
-#ifndef Q_OS_WIN
-#include <unistd.h>
-#endif
-#include <iostream>
-
 extern "C" Q_DECL_EXPORT int main(int argc, char **argv)
 {
-#ifndef Q_OS_WIN
-    // Prohibit using sudo or kdesu (but allow using the root user directly)
-    if (getuid() == 0) {
-        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
-            std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
-            std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        }
-    }
-#endif
     /**
      * Create application first
      * Enforce application name even if the executable is renamed
Back to top
View user's profile Send private message
jhon987
Guru
Guru


Joined: 18 Nov 2013
Posts: 302

PostPosted: Sun Feb 10, 2019 6:38 am    Post subject: Reply with quote

proteusx wrote:
kwrite-18-root.patch

Code:
--- a/kwrite/main.cpp
+++ b/kwrite/main.cpp
@@ -42,25 +42,8 @@
 
 #include "../urlinfo.h"
 
-#ifndef Q_OS_WIN
-#include <unistd.h>
-#endif
-#include <iostream>
-
 extern "C" Q_DECL_EXPORT int main(int argc, char **argv)
 {
-#ifndef Q_OS_WIN
-    // Prohibit using sudo or kdesu (but allow using the root user directly)
-    if (getuid() == 0) {
-        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
-            std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
-            std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        }
-    }
-#endif
     /**
      * Create application first
      * Enforce application name even if the executable is renamed


Thank you very much proteusx, it works just as expected!
Back to top
View user's profile Send private message
nordicruler
Tux's lil' helper
Tux's lil' helper


Joined: 20 Dec 2004
Posts: 93
Location: Philippines (but from Sweden)

PostPosted: Sat Feb 23, 2019 1:34 am    Post subject: Reply with quote

Any working patch for dolphin-18.12.2?
Back to top
View user's profile Send private message
proteusx
Guru
Guru


Joined: 21 Jan 2008
Posts: 340

PostPosted: Sat Feb 23, 2019 12:40 pm    Post subject: Reply with quote

Code:
kdesu dolphin &
still works for dolphin-18.12.2, if patched as per above.
Back to top
View user's profile Send private message
nordicruler
Tux's lil' helper
Tux's lil' helper


Joined: 20 Dec 2004
Posts: 93
Location: Philippines (but from Sweden)

PostPosted: Sat Feb 23, 2019 2:54 pm    Post subject: Reply with quote

proteusx wrote:
Code:
kdesu dolphin &
still works for dolphin-18.12.2, if patched as per above.


I already tried a few times and its not working.

Code:
>>> Unpacking source...
>>> Unpacking dolphin-18.12.2.tar.xz to /var/tmp/gentoo/portage/kde-apps/dolphin-18.12.2/work
>>> Source unpacked in /var/tmp/gentoo/portage/kde-apps/dolphin-18.12.2/work
>>> Preparing source in /var/tmp/gentoo/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2 ...
 * Applying dolphin-18.12.2-root.patch ...
1 out of 1 hunk FAILED -- saving rejects to file src/main.cpp.rej
 [ !! ]
 * ERROR: kde-apps/dolphin-18.12.2::gentoo failed (prepare phase):
 *   patch -p1  failed with /etc/portage/patches/kde-apps/dolphin/dolphin-18.12.2-root.patch
 *
 * Call stack:
 *               ebuild.sh, line  124:  Called src_prepare
 *             environment, line 2647:  Called kde5_src_prepare
 *             environment, line 2104:  Called cmake-utils_src_prepare
 *             environment, line 1206:  Called default_src_prepare
 *      phase-functions.sh, line  933:  Called __eapi6_src_prepare
 *             environment, line  325:  Called eapply_user
 *             environment, line 1421:  Called eapply '/etc/portage/patches/kde-apps/dolphin/dolphin-18.12.2-root.patch'
 *             environment, line 1391:  Called _eapply_patch '/etc/portage/patches/kde-apps/dolphin/dolphin-18.12.2-root.patch'
 *             environment, line 1329:  Called __helpers_die 'patch -p1  failed with /etc/portage/patches/kde-apps/dolphin/dolphin-18.12.2-root.patch'
 *   isolated-functions.sh, line  119:  Called die
 * The specific snippet of code:
 *              die "$@"
Back to top
View user's profile Send private message
proteusx
Guru
Guru


Joined: 21 Jan 2008
Posts: 340

PostPosted: Sat Feb 23, 2019 3:54 pm    Post subject: Reply with quote

Here is the dolphin patch I use.
Code:
 
--- a/src/dolphinviewcontainer.cpp
+++ b/src/dolphinviewcontainer.cpp
@@ -108,14 +108,6 @@
     m_messageWidget->setCloseButtonVisible(true);
     m_messageWidget->hide();
 
-#ifndef Q_OS_WIN
-    if (getuid() == 0) {
-
-        // We must be logged in as the root user; show a big scary warning
-        showMessage(i18n("Running Dolphin as root can be dangerous. Please be careful."), Warning);
-    }
-#endif
-
     m_view = new DolphinView(url, this);
     connect(m_view, &DolphinView::urlChanged,
             m_urlNavigator, &KUrlNavigator::setLocationUrl);
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -35,26 +35,8 @@
 #include <QApplication>
 #include <QCommandLineParser>
 
-#ifndef Q_OS_WIN
-#include <unistd.h>
-#endif
-#include <iostream>
-
 extern "C" Q_DECL_EXPORT int kdemain(int argc, char **argv)
 {
-#ifndef Q_OS_WIN
-    // Prohibit using sudo or kdesu (but allow using the root user directly)
-    if (getuid() == 0) {
-        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
-            std::cout << "Executing Dolphin with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
-            std::cout << "Executing Dolphin with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        }
-    }
-#endif
-
     QApplication app(argc, argv);
     app.setAttribute(Qt::AA_UseHighDpiPixmaps, true);
     app.setWindowIcon(QIcon::fromTheme(QStringLiteral("system-file-manager"), app.windowIcon()));
 

I Verified it just now with dolphin-18.12.2 and it works.
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 22853

PostPosted: Sat Feb 23, 2019 5:05 pm    Post subject: Reply with quote

The exit path is triggered by the presence of the environment variable informing it that you are using it insecurely. Rather than continue patching every version, if you insist on overriding the security check, do so by creating a wrapper shell script that runs as root, removes those environment variables, then executes Dolphin.
Code:
$ a=1 /bin/sh -c '/usr/bin/env' | grep '^a='
a=1
$ a=1 /bin/sh -c 'export -n a; /usr/bin/env' | grep '^a='
$
Back to top
View user's profile Send private message
nordicruler
Tux's lil' helper
Tux's lil' helper


Joined: 20 Dec 2004
Posts: 93
Location: Philippines (but from Sweden)

PostPosted: Sun Feb 24, 2019 4:45 am    Post subject: Reply with quote

Still not working with this patch

proteusx wrote:
Here is the dolphin patch I use.
Code:
 
--- a/src/dolphinviewcontainer.cpp
+++ b/src/dolphinviewcontainer.cpp
@@ -108,14 +108,6 @@
     m_messageWidget->setCloseButtonVisible(true);
     m_messageWidget->hide();
 
-#ifndef Q_OS_WIN
-    if (getuid() == 0) {
-
-        // We must be logged in as the root user; show a big scary warning
-        showMessage(i18n("Running Dolphin as root can be dangerous. Please be careful."), Warning);
-    }
-#endif
-
     m_view = new DolphinView(url, this);
     connect(m_view, &DolphinView::urlChanged,
             m_urlNavigator, &KUrlNavigator::setLocationUrl);
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -35,26 +35,8 @@
 #include <QApplication>
 #include <QCommandLineParser>
 
-#ifndef Q_OS_WIN
-#include <unistd.h>
-#endif
-#include <iostream>
-
 extern "C" Q_DECL_EXPORT int kdemain(int argc, char **argv)
 {
-#ifndef Q_OS_WIN
-    // Prohibit using sudo or kdesu (but allow using the root user directly)
-    if (getuid() == 0) {
-        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
-            std::cout << "Executing Dolphin with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
-            std::cout << "Executing Dolphin with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        }
-    }
-#endif
-
     QApplication app(argc, argv);
     app.setAttribute(Qt::AA_UseHighDpiPixmaps, true);
     app.setWindowIcon(QIcon::fromTheme(QStringLiteral("system-file-manager"), app.windowIcon()));
 

I Verified it just now with dolphin-18.12.2 and it works.


Code:
>>> Unpacking source...
>>> Unpacking dolphin-18.12.2.tar.xz to /var/tmp/gentoo/portage/kde-apps/dolphin-18.12.2/work
>>> Source unpacked in /var/tmp/gentoo/portage/kde-apps/dolphin-18.12.2/work
>>> Preparing source in /var/tmp/gentoo/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2 ...
 * Applying dolphin-18.12.2-root.patch ...
1 out of 1 hunk FAILED -- saving rejects to file src/dolphinviewcontainer.cpp.rej
1 out of 1 hunk FAILED -- saving rejects to file src/main.cpp.rej
 [ !! ]
 * ERROR: kde-apps/dolphin-18.12.2::gentoo failed (prepare phase):
 *   patch -p1  failed with /etc/portage/patches/kde-apps/dolphin/dolphin-18.12.2-root.patch
Back to top
View user's profile Send private message
proteusx
Guru
Guru


Joined: 21 Jan 2008
Posts: 340

PostPosted: Sun Feb 24, 2019 5:20 am    Post subject: Reply with quote

I cannot reproduce your problem.
Here the start of my build log.
Code:
 * Package:    kde-apps/dolphin-18.12.2
 * Repository: gentoo
 * Maintainer: kde@gentoo.org
 * USE:        abi_x86_64 amd64 elibc_glibc handbook kernel_linux userland_GNU
 * FEATURES:   preserve-libs sandbox userpriv usersandbox
>>> Unpacking source...
>>> Unpacking dolphin-18.12.2.tar.xz to /tmp/portage/kde-apps/dolphin-18.12.2/work
>>> Source unpacked in /tmp/portage/kde-apps/dolphin-18.12.2/work
>>> Preparing source in /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2 ...
 * Applying dolphin-18.04-root.patch ...
 [ ok ]
 * User patches applied.
>>> Source prepared.
>>> Configuring source in /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2 ...
>>> Working in BUILD_DIR: "/tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2_build"
cmake -C /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2_build/gentoo_common_config.cmake -G Ninja -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_TESTING=OFF -DKDE_INSTALL_USE_QT_SYS_PATHS=ON -DKDE_INSTALL_DOCBUNDLEDIR=/usr/share/help -DCMAKE_DISABLE_FIND_PACKAGE_KF5Baloo=ON -DCMAKE_DISABLE_FIND_PACKAGE_KF5BalooWidgets=ON -DCMAKE_DISABLE_FIND_PACKAGE_KF5FileMetaData=ON -DCMAKE_BUILD_TYPE=Gentoo -DCMAKE_TOOLCHAIN_FILE=/tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2_build/gentoo_toolchain.cmake  /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2
loading initial cache file /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2_build/gentoo_common_config.cmake
-- The C compiler identification is GNU 6.4.0
-- The CXX compiler identification is GNU 6.4.0
-- Check for working C compiler: /usr/bin/x86_64-pc-linux-gnu-gcc
-- Check for working C compiler: /usr/bin/x86_64-pc-linux-gnu-gcc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- ................. and so on........

Have you perhaps applied another patch before this one?
Back to top
View user's profile Send private message
nordicruler
Tux's lil' helper
Tux's lil' helper


Joined: 20 Dec 2004
Posts: 93
Location: Philippines (but from Sweden)

PostPosted: Mon Feb 25, 2019 4:15 am    Post subject: Reply with quote

proteusx wrote:
I cannot reproduce your problem.
Here the start of my build log.
Code:
 * Package:    kde-apps/dolphin-18.12.2
 * Repository: gentoo
 * Maintainer: kde@gentoo.org
 * USE:        abi_x86_64 amd64 elibc_glibc handbook kernel_linux userland_GNU
 * FEATURES:   preserve-libs sandbox userpriv usersandbox
>>> Unpacking source...
>>> Unpacking dolphin-18.12.2.tar.xz to /tmp/portage/kde-apps/dolphin-18.12.2/work
>>> Source unpacked in /tmp/portage/kde-apps/dolphin-18.12.2/work
>>> Preparing source in /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2 ...
 * Applying dolphin-18.04-root.patch ...
 [ ok ]
 * User patches applied.
>>> Source prepared.
>>> Configuring source in /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2 ...
>>> Working in BUILD_DIR: "/tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2_build"
cmake -C /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2_build/gentoo_common_config.cmake -G Ninja -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_TESTING=OFF -DKDE_INSTALL_USE_QT_SYS_PATHS=ON -DKDE_INSTALL_DOCBUNDLEDIR=/usr/share/help -DCMAKE_DISABLE_FIND_PACKAGE_KF5Baloo=ON -DCMAKE_DISABLE_FIND_PACKAGE_KF5BalooWidgets=ON -DCMAKE_DISABLE_FIND_PACKAGE_KF5FileMetaData=ON -DCMAKE_BUILD_TYPE=Gentoo -DCMAKE_TOOLCHAIN_FILE=/tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2_build/gentoo_toolchain.cmake  /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2
loading initial cache file /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2_build/gentoo_common_config.cmake
-- The C compiler identification is GNU 6.4.0
-- The CXX compiler identification is GNU 6.4.0
-- Check for working C compiler: /usr/bin/x86_64-pc-linux-gnu-gcc
-- Check for working C compiler: /usr/bin/x86_64-pc-linux-gnu-gcc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- ................. and so on........

Have you perhaps applied another patch before this one?


I recreated the patch and now its working. Both patch for kate and dolphin are working fine. Thanks.
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 9320

PostPosted: Sun Mar 03, 2019 1:05 pm    Post subject: Reply with quote

kate/kwrite do not need any patching, nor be run with kdesu for editing root owned files. kauth is used to gain write permission when such files are saved.
Back to top
View user's profile Send private message
jhon987
Guru
Guru


Joined: 18 Nov 2013
Posts: 302

PostPosted: Sun Jul 28, 2019 6:38 am    Post subject: Reply with quote

kwrite-19.04.3 has now hit Gentoo's stable branch,
the difference in the main.cpp file (from the patch perspecitve) is that instead of starting at line 42:
Code:
--- a/kwrite/main.cpp
+++ b/kwrite/main.cpp
@@ -42,25 +42,8 @@
 
 #include "../urlinfo.h"
 
-#ifndef Q_OS_WIN
...


it now starts at line 43, and so I changed the patch to accommodate the file changes, like so:
Code:
--- a/kwrite/main.cpp
+++ b/kwrite/main.cpp
@@ -43,25 +43,8 @@
 
 #include "../urlinfo.h"
 
-#ifndef Q_OS_WIN
...


yet the patch isn't accepted when I emerge the package.
did someone solved this issue / has patch for kwrite-19.04.3?
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 9320

PostPosted: Sun Jul 28, 2019 7:24 am    Post subject: Reply with quote

kate/kwrite can write root owned files just fine without kdesu. Please just give it a try.
Back to top
View user's profile Send private message
proteusx
Guru
Guru


Joined: 21 Jan 2008
Posts: 340

PostPosted: Sun Jul 28, 2019 9:10 am    Post subject: Reply with quote

Updated kwrite patch:
Code:
--- a/kwrite/main.cpp
+++ b/kwrite/main.cpp
@@ -50,18 +50,6 @@
 
 extern "C" Q_DECL_EXPORT int main(int argc, char **argv)
 {
-#ifndef Q_OS_WIN
-    // Prohibit using sudo or kdesu (but allow using the root user directly)
-    if (getuid() == 0) {
-        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
-            std::cout << "Executing KWrite with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
-            std::cout << "Executing KWrite with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        }
-    }
-#endif
     /**
      * Create application first
      * Enforce application name even if the executable is renamed


@Asturm
Invoking unpatched kwrite from my konsole root profile (command sudo -i tmux) it does not work.
Code:
# kwrite /etc/foo.conf
Executing KWrite with sudo is not possible due to unfixable security vulnerabilities.


Last edited by proteusx on Sun Jul 28, 2019 9:12 am; edited 1 time in total
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 9320

PostPosted: Sun Jul 28, 2019 9:11 am    Post subject: Reply with quote

You start it as user.
Back to top
View user's profile Send private message
jhon987
Guru
Guru


Joined: 18 Nov 2013
Posts: 302

PostPosted: Sun Jul 28, 2019 10:21 am    Post subject: Reply with quote

Thanks @proteusx, once again you're saving the day!

@asturm, oh I have given it enough tries, thank you very much sir. But when I buy a PC and install software I choose on it, I prefer they would serve me instead of me serving them.
I understand there's a potential security (though not very likely) risk in using tools as root, however I don't think that the right way to mitigate it is by disallowing run as root altogether.

You know, that solution reminds me of the time I used to serve in the army, one time a soldier who crossed the road at night from base to reach the bus station at the other side, was ran over to death by a car. So what did the high command decided to do about it? in order to cover their asses they decided to issue a command that soldiers aren't allowed to cross that road at all. So now in order to get to the north of the country, a soldier must have traveled a few hours south first until he reaches a station where a bus north could be reached.

These kind of solutions, are in me view, absolutely ridicules. it's akin to throwing the baby with the bath water - just because you might have a malicious/sloppy program that could potentially take advantage of the root privileges therefore what did the developers decided to do? throw the risk (the bath water) away and at same time prevent the user from using tools (the baby) as root.

It's highly bothersome for me when some directories of mine are (understandably) possible to be accessed only with root credentials and doing it via GUI is much quicker than via command line, and so it's highly bothersome to do that via command line, as well as, when I use root dolphin to access a folder (that requires root privileges) I then need to open a non-root dolphin in order to open a file that's in there using kwrite, since the polkit prompt is only invoked via non-root user, which means I cannot do it via GUI but only via the command line - which is bothersome, annoying and totally goes against the purpose of having machines to make our lives easier.

I know it's not your fault (I believe its that KDE's martin grablin dude), but since you asked me to try...
Back to top
View user's profile Send private message
dalek
Veteran
Veteran


Joined: 19 Sep 2003
Posts: 1353
Location: Mississippi USA

PostPosted: Sun Jul 28, 2019 10:30 am    Post subject: Reply with quote

jhon987,

I feel pretty much the same way. What I did, I started using a different file manager. I actually have a couple different ones installed that I can use or fall back on if needed. Dolphin isn't the only tool. I like Konqueror but think it died. That said, I think it also disabled being used as root as well.

If you want to avoid this sort of thing, just find a different tool for the job and use that. I use Krusader and it works fine, even has split views as a default. I also have PCmanFM and friends installed as well. Just find one those doesn't subscribe to the thought that making things hard for you is the only way to keep you safe. As I've posted before, maintaining a Gentoo install without root access is pretty much impossible. There is almost always some config file that has to be edited or something and generally, that requires root.

Hope that gives you some other options if you are interested. If not today, you may be later on.
_________________
My rig: Gigabyte GA-970A-UD3P mobo, AMD FX-8350 Eight-Core CPU, ZALMAN CNPS10X Performa CPU cooler,
G.SKILL 32GB DDR3 PC3 12800 Memory Nvidia GTX-650 video card LG W2253 Monitor
60TBs of hard drive space using LVM
Cooler Master HAF-932 Case
Back to top
View user's profile Send private message
wrc1944
Advocate
Advocate


Joined: 15 Aug 2002
Posts: 3456
Location: Gainesville, Florida

PostPosted: Sun Jul 28, 2019 7:34 pm    Post subject: Reply with quote

I'm more concerned with dolphin. The only way I can get it working as root now after the great proteusx patches are broken once again is to place this alias in /root/.bashrc.
Code:
alias kdol="export XDG_CURRENT_DESKTOP=kde && dolphin"

Then, in konsole, su to root, and type kdol, enter.

A root Dophin pops up again, with single-click opening of folders.
With just su'ing to root and typing dolphin opens it, but only with double-clicking functional, and apparently no way to set single-click.

With the original kdesu of yesteryear, it just worked with a simple kdesu dolphin, as a user. Then it was broken sometime in kde-4 IIRC, and we had to use the various patches to get root.

That was when I set up an alias "kdol="kdesu dolphin" in home/.bashrc, and just typing typing kdol in a user konsole popped up a dialog window where you entered the root password, and a full function root dolphin opened.

There, you could open as root any folder/file for editing, create/delete anything, and It was a perfect and efficient kde world. Now it just seems like a dream. :roll:
_________________
Main box- AsRock x370 Gaming K4
Ryzen 7 3700x, 3.6GHz, 16GB GSkill Flare DDR4 3200mhz
Samsung SATA 1000GB, Radeon HD R7 350 2GB DDR5
OpenRC Gentoo ~amd64 plasma, glibc-2.40-r5, gcc-14
kernel-6.12.3 USE=experimental python3_12.7-final-0
Back to top
View user's profile Send private message
Blind_Sniper
Guru
Guru


Joined: 20 Apr 2018
Posts: 370

PostPosted: Sun Jul 28, 2019 7:57 pm    Post subject: Reply with quote

I've just updated dolphin and kate without any problem and can run them as root without any aliases and exportes, just using "kdesu dolphin"
I have no idea what's wrong with patches (I do not use any patches), but building dolphin manually works still just fine:
1.
Code:
ebuild /usr/portage/kde-apps/dolphin/dolphin-19.04.3.ebuild fetch

2.
Code:
ebuild /usr/portage/kde-apps/dolphin/dolphin-19.04.3.ebuild unpack

3.remove from /var/tmp/portage/kde-apps/dolphin-19.04.3/work/src/main.cpp this snippet of code:
Code:
#ifndef Q_OS_WIN
    // Prohibit using sudo or kdesu (but allow using the root user directly)
    if (getuid() == 0) {
        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
            std::cout << "Executing Dolphin with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
            return EXIT_FAILURE;
        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
            std::cout << "Executing Dolphin with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
            return EXIT_FAILURE;
        }
    }
#endif

and save changes. (I use mcedit for it, it can be done with nano as well)
4.
Code:
ebuild /usr/portage/kde-apps/dolphin/dolphin-19.04.3.ebuild compile

5.
Code:
ebuild /usr/portage/kde-apps/dolphin/dolphin-19.04.3.ebuild install

6.
Code:
ebuild /usr/portage/kde-apps/dolphin/dolphin-19.04.3.ebuild qmerge


I do it on every update without using any patches and it works
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Goto page Previous  1, 2, 3, 4, 5, 6, 7  Next
Page 4 of 7

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum