View previous topic :: View next topic |
Author |
Message |
wrc1944 Advocate
Joined: 15 Aug 2002 Posts: 3456 Location: Gainesville, Florida
|
Posted: Sun Apr 23, 2017 3:55 pm Post subject: kdesu dolphin as root not possible [SOLVED-again] |
|
|
With the 17.04 updates, with kdesu dolphin, I now get this: "Executing Dolphin as root is not possible."
As a 15 year kde user of Dolphin (as my main go to DE and file manager), and as I constantly use Dolphin as root for various things ever day, this is insane, ridiculous, infuriating, you name it. Are they trying to force users to move to xfce or gnome? Dolphin is the best by far file manager, but without root usage, in my case it becomes almost usless.
I looked at https://blog.martin-graesslin.com/blog/2017/02/editing-files-as-root and read all the arguments pro/con, and am still disgusted. If I want to use sudo variations for every file or folder I want to work with, I'd use Mint or Ububtu.
On the huge Suse thread on the subject, https://forums.opensuse.org/showthread.php/524150-Executing-Dolphin-as-root-is-not-possible/page13 on page 13 a poster says:
Quote: | I'd like to note that this check for running dolphin as root has been *removed* (i.e. patched out) in openSUSE's package meanwhile.
That means that it is possible to run dolphin as root again if using KDE:Applications, and it will continue to be possible in Leap 42.3 and Tumbleweed (even after 17.04.0 hits the repos).
|
Whatever they did on Suse to get normal kdesu functional, I urge the Gentoo kde people to please do the same. As it is, I'm now relegated to using a root Thunar session, which while it works OK, I much prefer Dolphin. In fact, so much, that I'd consider it mandatory for my main Linux distro. We really need this kdesu root option functionality back in Gentoo.
I'm stuck with a quandary: My beloved Gentoo without kdesu and having to use Thunar or even full Xfce4 DE, or openSuse with a fully normal kdesu dolphin kde implementation, and lose all the great and loved gentoo features.
All because a kde dev decides they want to remove the kde kdesu option??? I get the pro arguments, but removing the convienence of kdesu function for whatever reason(s) is simply unjustified. Nobody is forced to use kdesu, so what's the point of not having it available if users want to employ it? The so-called security concerns don't really convince me, or others currently posting on various threads.
Hopefully, kde devs will realize this is a bad idea, and will drive kde users to other solutions, no matter how much they like Dolphin, Kate, et al. To inform a user that they can no longer edit, copy/paste, etc. any file or folder they wisn in the kde DE running dolphin as root, is preposterous. _________________ Main box- AsRock x370 Gaming K4
Ryzen 7 3700x, 3.6GHz, 16GB GSkill Flare DDR4 3200mhz
Samsung SATA 1000GB, Radeon HD R7 350 2GB DDR5
OpenRC Gentoo ~amd64 plasma, glibc-2.40-r5, gcc-14
kernel-6.11.3 USE=experimental python3_12.7-final-0
Last edited by wrc1944 on Fri Aug 10, 2018 1:52 am; edited 2 times in total |
|
Back to top |
|
|
wrc1944 Advocate
Joined: 15 Aug 2002 Posts: 3456 Location: Gainesville, Florida
|
Posted: Sun Apr 23, 2017 6:52 pm Post subject: |
|
|
Looked in the full changelog, https://www.kde.org/announcements/fulllog_applications.php?version=17.04.0#dolphin and here's the specific commit that caused this: https://cgit.kde.org/dolphin.git/commit/?id=0bdd8e0b0516555c6233fdc7901e9b417cf89791
Code: | author Emmanuel Pescosta <emmanuelpescosta099@gmail.com> 2017-02-19 01:32:48 (GMT)
committer Emmanuel Pescosta <emmanuelpescosta099@gmail.com> 2017-02-19 01:39:52 (GMT)
commit 0bdd8e0b0516555c6233fdc7901e9b417cf89791 (patch)
tree 150c3e3f9dd206184fa079418ac9acd4ff6ffd31
parent bea831da5242373d6c60a2b542e535d2721051c0 (diff)
Disallow executing Dolphin as root on Linux
Basically a copy of commit kate/9adcebd3c2e476c8a32e9b455cc99f46b0e12a7e which was
written by Martin Grässlin.
Diffstat
-rw-r--r-- src/main.cpp 13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/main.cpp b/src/main.cpp
index acba8da..789a529 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -35,8 +35,21 @@
#include <KLocalizedString>
#include <Kdelibs4ConfigMigrator>
+#ifndef Q_OS_WIN
+#include <unistd.h>
+#endif
+#include <iostream>
+
extern "C" Q_DECL_EXPORT int kdemain(int argc, char **argv)
{
+#ifndef Q_OS_WIN
+ // Check whether we are running as root
+ if (getuid() == 0) {
+ std::cout << "Executing Dolphin as root is not possible." << std::endl;
+ return EXIT_FAILURE;
+ }
+#endif
+
QApplication app(argc, argv);
app.setAttribute(Qt::AA_UseHighDpiPixmaps, true);
app.setWindowIcon(QIcon::fromTheme(QStringLiteral("system-file-manager"), app.windowIcon()));
|
Is there anything preventing just removing this patch from the source code, and rebuilding dolphin, or is it more complex than that?
Sure wish Gentoo kde devs will consider getting rid of this problem.
A few sample comments from the blog: Quote: | The sudoedit workflow you suggest to use is still a lot less user-friendly than kdesu kwrite. You have to start the editor from the command line for each file, whereas you can open as many files as you want from kdesu kwrite, or even at the same time with kdesu kate. The kdesu version can also be made into a menu entry if it is needed often. Using sudoedit forces you to use the command line.
------------------
I hope this change isn’t just blindly accepted due to your name in the KDE community. I also hope this crusade against stopping users using kdesu does not go any further as it is useful for many applications. People use their computers to primariy get stuff done rather than fart about on a command line out of a misplaced worry about non-existent theoretical attacks from malware which most sensible computer users just are not affected by.
-------------------------
I find this absolutely unacceptable, and hope distributions will patch this nonsense out. kdesu kwrite is a very common operation (I do it regularly), and blindly refusing to run as root also breaks running the application in root sessions. And people will just use something else, just as Krusader’s easily accessible root mode, or a non-KDE editor.
--------------------------------------------------------------------------------------------
On the general topic, the greater threat is not root access, rather rogue applications having access to all a user’s personal data as that user. That requires an entire new architecture to fix, not simply getting in a user’s way like these temporary fixes. Therefore, you might as well not turn on your computer at all since your private data is vulnerable since you are using all those horrible unintuitive gui apps /sarcasm
------------------------------
What if I am using Dolphin in super-user mode and click on a text file to edit? This would mean I would then have to inconveniently open the command line and then type a cumbersome command just to edit the file.
---------------------------
“Starting GUI applications as root is extremely insecure”
It’s only extremely insecure if you already have malware running on your system, which is, as everyone already knows, extremely insecure.
---------------------------
Meanwhile: don’t hinder people’s lives, people who care about security don’t have malware, and shouldn’t be “awarded” with worse command-line editors when KDE software is better.
---------------------------------
Perhaps you edit a few files as root, but people who need to edit a lot… won’t be using sudoedit, they will use gedit or similar, and will stop using Kate. At least give them KDE options.
-----------------------------------
Exactly. Especially as nothing is more frustrating than forgetting that you need to edit file as root, editting it as user and getting the error that you cannot write to it after pressing Ctrl+S.
---------------------------------
All this will accomplish is that people will switch to using a GUI editor the *can* start as root.
I understand your reasoning, but this is the wrong way to go about it. |
_________________ Main box- AsRock x370 Gaming K4
Ryzen 7 3700x, 3.6GHz, 16GB GSkill Flare DDR4 3200mhz
Samsung SATA 1000GB, Radeon HD R7 350 2GB DDR5
OpenRC Gentoo ~amd64 plasma, glibc-2.40-r5, gcc-14
kernel-6.11.3 USE=experimental python3_12.7-final-0 |
|
Back to top |
|
|
BobWya Apprentice
Joined: 12 Aug 2012 Posts: 228 Location: Cambridge,UK
|
Posted: Mon Apr 24, 2017 5:30 pm Post subject: |
|
|
wrc1944 wrote: | ...
Is there anything preventing just removing this patch from the source code, and rebuilding dolphin, or is it more complex than that?
Sure wish Gentoo kde devs will consider getting rid of this problem.
... |
I've already got anti- anti-root user patches in place for kate and kwrite... It's much easier to do it that way... Just carry these over from release to release...
This test (for running as root) is dumb - the sort of code I'd write! The correct way to do it (as was stated in Martin's blog comments) is to elevate to root (using policykit) when you need to actually save (write to) the file - in the case of the KDE text editors.
These new restrictions are really annoying and get in the way of my workflow... Thankfull, on Gentoo, it's easy to blast them to /dev/null !!
Bob _________________ system: G751JT (ASUS-NotebookSKU); processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz; memory: 32GiB System Memory; display: GM204M [GeForce GTX 970M]; disk: 2048GB Samsung SSD 850;BD-CMB UJ172 S;1024GB Samsung SSD 850 |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22714
|
Posted: Tue Apr 25, 2017 1:47 am Post subject: |
|
|
I do not use the affected programs, so their quirk does not affect me. That said, I wanted to point out that this is actually deficient in another way. With the right invocation of a user namespace, anyone can convince an unprivileged program that it is running as root, yet the namespace rules will (barring security bugs) prevent it from being any more dangerous than the invoking user. Thus, affected programs will needlessly fail to work in a user namespace.
Code: | $ /usr/bin/unshare --user --map-root-user -- /usr/bin/id
uid=0(root) gid=0(root) groups=0(root)
$ /usr/bin/unshare --user --map-root-user -- /bin/head -n1 /etc/shadow | wc
/bin/head: cannot open '/etc/shadow' for reading: Permission denied
# /usr/bin/unshare --user -- /usr/bin/id
uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)
# /usr/bin/unshare --user -- /bin/head -n1 /etc/shadow | wc
1 1 128
|
|
|
Back to top |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Tue Apr 25, 2017 3:00 am Post subject: |
|
|
^ Good catch, I came here to point out exactly the same thing. This will make sandboxing insecure KDE apps via unprivileged containers (e.g. using firejail) a huge pain. |
|
Back to top |
|
|
wrc1944 Advocate
Joined: 15 Aug 2002 Posts: 3456 Location: Gainesville, Florida
|
Posted: Tue Apr 25, 2017 8:32 pm Post subject: |
|
|
Thanks to all for the feedback.
From my perspective, all of this is just too much trouble, and a bad move by kde, needlessly making my usage flow less than ideal, to put it mildly.
For me, there are many times I simply use "kdesu dolphin" (have alias kdol in .bashrc) and type in my root password, and can then conveniently do anything I wish as root in the nice dolphin GUI.
I work with stand-alone desktop systems, not on any network, and really have no security concerns that have caused me any problem in 15+ years of running linux systems. For me, running as root when needed is no big deal, and perfectly safe in most situations.
Of course I don't run anything as root while on the internet. If I find removing the "disable dolphin kdesu" patch is too much trouble, I'll be forced to stop using dolphin except for my "user" periods of usage.
I just updated my Kaos Linux (kde centric distro) partition to 17.04, and kdesu dolphin still functions as root as it has for many years. Don't personally know openSuse does, but users have said that is the case.
My current work-around is just installing pcmanfm-qt that has an "as root" option under the menu bar "tool" item. type in your root password, and a new pcmanfm root window pops up, looking pretty much as dolphin appears, with a few less features. I could almost live with that, however one little minor bug occurs where pcmanfm refuses to respect the "show hidden files" option when you restart pcmanfm. (apparently the "as root" option only works if you have gksu installed).
It just irks me that kde thinks they should now prevent a user from lauching dolphin in a root session if they so choose.
How about an optional Gentoo USE flag (with approriate warnings) for enabling kdesu so users can opt in for the very useful "kdesu dolphin" again? _________________ Main box- AsRock x370 Gaming K4
Ryzen 7 3700x, 3.6GHz, 16GB GSkill Flare DDR4 3200mhz
Samsung SATA 1000GB, Radeon HD R7 350 2GB DDR5
OpenRC Gentoo ~amd64 plasma, glibc-2.40-r5, gcc-14
kernel-6.11.3 USE=experimental python3_12.7-final-0 |
|
Back to top |
|
|
Nsane457 n00b
Joined: 25 Nov 2004 Posts: 45
|
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22714
|
Posted: Wed Apr 26, 2017 1:38 am Post subject: |
|
|
Ant P. wrote: | This will make sandboxing insecure KDE apps via unprivileged containers (e.g. using firejail) a huge pain. | It depends on the container. A user namespace can make getuid lie in either direction, telling privileged programs they are unprivileged or telling unprivileged programs that they are privileged. Although /usr/bin/unshare lacks the command line options to do so, you can even tell an unprivileged user that it is a different unprivileged user (or is the same UID, which you might do if you only created the user namespace so that you could create other namespaces (mount, pid, network, etc.)). |
|
Back to top |
|
|
peakeyed n00b
Joined: 18 Nov 2004 Posts: 60
|
Posted: Sun Jul 02, 2017 7:52 pm Post subject: thanks |
|
|
Nsane457, Thank you for the patches. |
|
Back to top |
|
|
steveL Watchman
Joined: 13 Sep 2006 Posts: 5153 Location: The Peanut Gallery
|
Posted: Tue Jul 04, 2017 1:21 pm Post subject: |
|
|
Yeah, good work Nsane.
Glad to hear other distros aren't going along with this nonsense. |
|
Back to top |
|
|
papu l33t
Joined: 25 Jan 2008 Posts: 729 Location: Sota algun pi o alzina...
|
Posted: Tue Jul 04, 2017 4:20 pm Post subject: Re: Reverse patches |
|
|
i don't know how to use this patch, i am interested on dolphin , but thanks at all _________________ --so ~amd64 & openrc --cpu 7700 non-x --ram 2x16GB --gpu RX 470 |
|
Back to top |
|
|
dalek Veteran
Joined: 19 Sep 2003 Posts: 1353 Location: Mississippi USA
|
Posted: Tue Jul 04, 2017 4:47 pm Post subject: Re: Reverse patches |
|
|
papu wrote: |
i don't know how to use this patch, i am interested on dolphin , but thanks at all |
This should help. Note the path and the contents of the text file. Just reproduce it.
Code: | root@fireball / # cat /etc/portage/patches/kde-apps/dolphin/allow-root.patch
diff -Naur dolphin-17.04.0.old/src/main.cpp dolphin-17.04.0/src/main.cpp
--- dolphin-17.04.0.old/src/main.cpp 2017-04-25 02:44:57.440557635 -0400
+++ dolphin-17.04.0/src/main.cpp 2017-04-25 02:45:22.535328410 -0400
@@ -35,21 +35,8 @@
#include <KLocalizedString>
#include <Kdelibs4ConfigMigrator>
-#ifndef Q_OS_WIN
-#include <unistd.h>
-#endif
-#include <iostream>
-
extern "C" Q_DECL_EXPORT int kdemain(int argc, char **argv)
{
-#ifndef Q_OS_WIN
- // Check whether we are running as root
- if (getuid() == 0) {
- std::cout << "Executing Dolphin as root is not possible." << std::endl;
- return EXIT_FAILURE;
- }
-#endif
-
QApplication app(argc, argv);
app.setAttribute(Qt::AA_UseHighDpiPixmaps, true);
app.setWindowIcon(QIcon::fromTheme(QStringLiteral("system-file-manager"), app.windowIcon()));
root@fireball / # |
Once you reproduce that, just re-emerge it. It worked here. _________________ My rig: Gigabyte GA-970A-UD3P mobo, AMD FX-8350 Eight-Core CPU, ZALMAN CNPS10X Performa CPU cooler,
G.SKILL 32GB DDR3 PC3 12800 Memory Nvidia GTX-650 video card LG W2253 Monitor
60TBs of hard drive space using LVM
Cooler Master HAF-932 Case |
|
Back to top |
|
|
BobWya Apprentice
Joined: 12 Aug 2012 Posts: 228 Location: Cambridge,UK
|
Posted: Tue Jul 04, 2017 5:01 pm Post subject: Re: Reverse patches |
|
|
papu wrote: | ...
i don't know how to use this patch, i am interested on dolphin , but thanks at all |
See also the Gentoo Wiki page that covers applying user patches...
Bob _________________ system: G751JT (ASUS-NotebookSKU); processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz; memory: 32GiB System Memory; display: GM204M [GeForce GTX 970M]; disk: 2048GB Samsung SSD 850;BD-CMB UJ172 S;1024GB Samsung SSD 850 |
|
Back to top |
|
|
jhon987 Guru
Joined: 18 Nov 2013 Posts: 302
|
Posted: Fri Aug 18, 2017 3:34 pm Post subject: |
|
|
The "dolphin as root not possible" just hit stable branch, and it wasn't but a mere few hours that I quickly realized I need to patch this user dispowering behavior out.
Thanks for the thread and patches, and also the quick instructions of how to apply the patches... |
|
Back to top |
|
|
Fitzcarraldo Advocate
Joined: 30 Aug 2008 Posts: 2056 Location: United Kingdom
|
Posted: Sat Aug 19, 2017 2:39 pm Post subject: Re: Reverse patches |
|
|
Thanks for the patches, Nsane457. I've applied them to Dolphin/Kate/KWrite 17.04.3. Until today I was unaware KDE developers had sprung this new restriction on users. Mother knows best. _________________ Clevo W230SS: amd64, VIDEO_CARDS="intel modesetting nvidia".
Compal NBLB2: ~amd64, xf86-video-ati. Dual boot Win 7 Pro 64-bit.
OpenRC systemd-utils[udev] elogind KDE on both.
My blog |
|
Back to top |
|
|
Ridrok Tux's lil' helper
Joined: 26 Jan 2014 Posts: 110 Location: France
|
Posted: Wed Aug 30, 2017 4:58 pm Post subject: |
|
|
Thanks you so much for finding the commits which did that Nsane457.
I did apply these patches too, I don't see a reason why they did that. Even if I don't use them as root often we are all free to take the risk we want on our linux installations. |
|
Back to top |
|
|
wrc1944 Advocate
Joined: 15 Aug 2002 Posts: 3456 Location: Gainesville, Florida
|
Posted: Wed Aug 30, 2017 7:44 pm Post subject: |
|
|
I assume we can just rename the patches and replace 17.04 with 17.08 in the patch text, and it will work?
Correct? _________________ Main box- AsRock x370 Gaming K4
Ryzen 7 3700x, 3.6GHz, 16GB GSkill Flare DDR4 3200mhz
Samsung SATA 1000GB, Radeon HD R7 350 2GB DDR5
OpenRC Gentoo ~amd64 plasma, glibc-2.40-r5, gcc-14
kernel-6.11.3 USE=experimental python3_12.7-final-0 |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 9294
|
Posted: Wed Aug 30, 2017 7:47 pm Post subject: |
|
|
No rename necessary if you placed your patches inside /etc/portage/patches/kde-apps/dolphin |
|
Back to top |
|
|
Holysword l33t
Joined: 19 Nov 2006 Posts: 946 Location: Greece
|
Posted: Fri Oct 20, 2017 4:45 pm Post subject: |
|
|
wrc1944 wrote: | How about an optional Gentoo USE flag (with approriate warnings) for enabling kdesu so users can opt in for the very useful "kdesu dolphin" again? |
Any comment on this specific line?
I'd be more than interested in that.
If I'd have to apply the patches manually every time that a new KDE update is available in the tree comes up with an update (which is fairly often) I'd drop the whole KDE suite instead and find something else. _________________ "Nolite arbitrari quia venerim mittere pacem in terram non veni pacem mittere sed gladium" (Yeshua Ha Mashiach) |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 9294
|
Posted: Fri Oct 20, 2017 5:03 pm Post subject: |
|
|
You've never heard of epatch_user, did you? |
|
Back to top |
|
|
Holysword l33t
Joined: 19 Nov 2006 Posts: 946 Location: Greece
|
Posted: Fri Oct 20, 2017 5:34 pm Post subject: |
|
|
asturm wrote: | You've never heard of epatch_user, did you? |
No, not really.
Will it really be able to apply this patch even if the source code varies a lot? _________________ "Nolite arbitrari quia venerim mittere pacem in terram non veni pacem mittere sed gladium" (Yeshua Ha Mashiach) |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 9294
|
Posted: Fri Oct 20, 2017 5:39 pm Post subject: |
|
|
No, of course not. But is that particular part of the code changing much? I doubt so. You'll find out anyway.
Meanwhile upstream is working on a real solution around kio/kauth support which we hopefully are going to see in kf-5.40/kde-apps-17.12. |
|
Back to top |
|
|
dalek Veteran
Joined: 19 Sep 2003 Posts: 1353 Location: Mississippi USA
|
Posted: Fri Oct 20, 2017 7:05 pm Post subject: |
|
|
Holysword wrote: | asturm wrote: | You've never heard of epatch_user, did you? |
No, not really.
Will it really be able to apply this patch even if the source code varies a lot? |
I've been using it this way for a while and so far, it works. If it stops working, I'll post here and most likely, others will too. _________________ My rig: Gigabyte GA-970A-UD3P mobo, AMD FX-8350 Eight-Core CPU, ZALMAN CNPS10X Performa CPU cooler,
G.SKILL 32GB DDR3 PC3 12800 Memory Nvidia GTX-650 video card LG W2253 Monitor
60TBs of hard drive space using LVM
Cooler Master HAF-932 Case |
|
Back to top |
|
|
wrc1944 Advocate
Joined: 15 Aug 2002 Posts: 3456 Location: Gainesville, Florida
|
Posted: Fri Oct 20, 2017 8:07 pm Post subject: |
|
|
The 17.04 patches in /etc/portage/patches/kde-apps/dolphin/ are still working for my kde-apps/dolphin-17.08.2
plasma-meta-5.11.1
KDE Frameworks 5.39.0
Qt 5.9.2 (built against 5.9.2) system. _________________ Main box- AsRock x370 Gaming K4
Ryzen 7 3700x, 3.6GHz, 16GB GSkill Flare DDR4 3200mhz
Samsung SATA 1000GB, Radeon HD R7 350 2GB DDR5
OpenRC Gentoo ~amd64 plasma, glibc-2.40-r5, gcc-14
kernel-6.11.3 USE=experimental python3_12.7-final-0 |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22714
|
Posted: Sat Oct 21, 2017 12:53 am Post subject: |
|
|
Even if epatch_user works, it's a fairly ugly approach for a problem encountered by numerous users. When the patch is managed locally, every system that needs it must prepare it independently; users need to stumble across a discussion of the problem before they are aware it can be changed; if it breaks, every system needs to find where someone posted an updated version and update the local patch accordingly. When it's managed by a USE flag, it's easy to discover, it's managed in one place by a maintainer, and it's easier for new users to activate than a local patch would be. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|