Originally posted by kubicle
View Post
-
You are misreading the patch. It will prevent dolphin from running if either of the variables is set (and the variables are set by sudo and kdesu, respectively).Originally posted by GreyGeek View Post
So it will prevent dolphin from launching as root if started with sudo or kdesu. It only launches as root from a true root environment. IOW, the patch is not meant to re-enable sudo/kdesu root functionality with dolphin.Leave a comment:
-
Interesting. So is the patch:
"Unfixable security vulnerabilities" is what I though.Code:[COLOR=#ff0000]- [/COLOR] [s]std::cout << "Executing Dolphin as root is not possible." << std::endl;[/s] [COLOR=#ff0000]- [/COLOR] [s]return EXIT_FAILURE;[/s] [COLOR=#008000]+ [/COLOR] if (!qEnvironmentVariableIsEmpty("SUDO_USER")) { [COLOR=#008000]+[/COLOR] std::cout << [COLOR=#ff0000]"Executing Dolphin with sudo is not possible due to unfixable security vulnerabilities[/COLOR]." << std::endl; [COLOR=#008000]+[/COLOR] return EXIT_FAILURE; [COLOR=#008000]+ [/COLOR] } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) { [COLOR=#008000]+[/COLOR] std::cout << [COLOR=#ff0000]"Executing Dolphin with kdesu is not possible due to unfixable security vulnerabilities.[/COLOR]" << std::endl; [COLOR=#008000]+ [/COLOR] return EXIT_FAILURE; + }
So, will the user have to populate the env variables "SUDO_USER" and "KDESU_USER" in order to be able to run Dolphin as root, or will they be populated by the devs?
Also, I have no plans to update to 18.08 in August, so how long do you suspect it will be before that patch is in the backports?Leave a comment:
-
Bug 387974 - Allow Dolphin to be launched when logged in as root user (NOT sudo'd in a user session) : https://bugs.kde.org/show_bug.cgi?id=387974
--> https://bugs.kde.org/show_bug.cgi?id=387974#c15
...
FIXED-IN: 18.08.0
- Log in as normal user and run `sudo dolphin`: you get an error message.
- Log in as normal user and run `kdesu dolphin`: you get an error message.
- Log in as the root user and run dolphin normally: it works.
...Leave a comment:
-
He lays out well the arguments for reverting the Dolphin prohibition of running with root permission from a user’s desktop.
It’s confusing, however. I can see running Dolphin as root by opening a Konsole and issuing “kdesudo Dolphin”, as we used to do. But, since the root account isn’t active and the Plasma-desktop isn’t running as root, I don’t see how he can run Dolphin as root in the root account.
His whole discussion leaves me with the impression that blocking Dolphin running from the user account using kdesudo was done to cover a security hole they’ve found but can’t fix without complicated patching or a massive re-write.
Leave a comment:
-
A review request
Implement a more user-friendly run-as-root-or-sudo behavior: https://phabricator.kde.org/D12732
... to revisit the issue of not allowing Dolphin to run with elevated privileges, and make the case that the way this change was implemented was user-hostile and sub-optimal...Leave a comment:
-
I have framework 5.33.0 and Dolphiin 17.04.0. I installed the Kate service menu. I can right mouse on /etc/fstab from Dolphin and select "Sudoeditor Kate", enter my passwd, and edit the file as root, too. As a solution this works for me as far as editing root config files. I still use mc for the other stuff.Originally posted by vinnywright View PostLeave a comment:
-
I got an update to KDE-Frameworks-5.34 yesterday ,,,and yes I can just click ,,,,,say /etc/fstab ,,Kate will open it ,I can edit it , click save ,and a password box pops up ,,,enter my password and it saves my edits .
still no making a new directory , moving , or linking in dolphin as yet however ,
VINNYLeave a comment:
-
KDE file manager problem
After reading the proposal and patch it appears that instead of something like "kdesudo dolphin" we'll just start Dolphin as if we were going to edit our own files but Polkit will detect attempts to edit system files and request the password, which will be active for five minutes or so, just like sudo is in a konsole. The proposed warning dialog will be annoying unless it is made part of the password request dialog.
Sent from my iPhone using TapatalkLeave a comment:
-
Kio with polkit
Planet KDE: https://planet.kde.org/
--> KIO will get Polkit support this summer: http://rpchinmoy.blogspot.fi/2017/05...is-summer.htmlLeave a comment:
-
Light at the end of the tunnel
elsewhere: https://bbs.archlinux.org/viewtopic....07635#p1707635
Schedules: https://community.kde.org/Schedules -> Frameworks: https://community.kde.org/Schedules/FrameworksWith frameworks 5.34 it will be possible to edit root owned files without having to run kate as root...
Probably this: KAuth integration in document saving - https://phabricator.kde.org/D48475.34 (expected) Sat May 13th, 2017
and https://phabricator.kde.org/D5394
with the kio file (Dolphin) https://phabricator.kde.org/D4847#101163Before this patch: if one opens a write protected document, makes changes and then wants to save, error message occurs about insufficient privileges or disk space.
With this patch kate-part will try to save the document contents with elevated privileges in case the regular save failed. So that KAuth graphical prompt is presented to user...
In D4847#101163, @aacid wrote:
How is this related with https://phabricator.kde.org/T5202 ?
Once implemented, it will be possible to get kauth for free when calling (for example) KIO::move(). Not sure if that's enough for what this patch does, though.Last edited by Rog131; Apr 30, 2017, 01:49 AM.Leave a comment:
-
Originally posted by Rog131 View PostYou could launch the kate with the sudoedit - earlier:
- https://www.kubuntuforums.net/showth...l=1#post397654
- https://www.kubuntuforums.net/showth...l=1#post397659
As a KDE Service Menu: https://www.kubuntuforums.net/showth...156#post399156
yes I just figured out how to use the kdialog to launch kate like this ,,,,,,around the time you were posting this I'm guessing ...
as I could never find a"sudoeditpass.pl" as in one of your other exampels .Code:export EDITOR=/usr/bin/kate ; export SUDO_ASKPASS=/home/vinny/test/kdialog1 ; sudoedit -A /etc/fstab
I just made the service menu you give example for (all root work was done in a root Krusaders text editor),,,,,,,,,,, it's working well ,,,,after changing the path to the SUDO_ASKPASS script
VINNYLast edited by vinnywright; Apr 08, 2017, 04:08 PM.Leave a comment:
-
You could launch the kate with the sudoedit - earlier:Originally posted by vinnywright View Post
- https://www.kubuntuforums.net/showth...l=1#post397654
- https://www.kubuntuforums.net/showth...l=1#post397659
As a KDE Service Menu: https://www.kubuntuforums.net/showth...156#post399156
Leave a comment:
-
Makes sense to me. I haven't received the new security "feature" in Sid yet but it appears collectively we're pretty well prepared for itOriginally posted by GreyGeek View Post
Leave a comment:
-
I checked my environment using "env" and didn't notice either EDITOR or VISUAL in my env settings, nor did I see them in the root env settings.Originally posted by wizard10000 View PostThat's what I thought as well, but when you get back at a PC there's a pretty good discussion here -
https://unix.stackexchange.com/quest...the-difference
Apparently the two variables have different meanings in bash; both of them are text editors and bash apparently calls $VISUAL and if that fails, calls $EDITOR.
I probably shouldn't mention there's also a $SYSTEMD_EDITOR variable in there
The man page of sudoedit states:
In that quote you gave one person suspected that VISUAL was for GUI editors (which might require a KDESUDO prepend) and EDITOR was for the CLI.2. The editor specified by the policy is run to edit the temporary files. The sudoers policy uses
the SUDO_EDITOR, VISUAL and EDITOR environment variables (in that order). If none of
SUDO_EDITOR, VISUAL or EDITOR are set, the first program listed in the editor sudoers(5) option
is used.
So, I suspect that in order to avoid confusion with other programs that may use either "EDITOR" or "VISUAL" (which is a new one to me) it might be best to set
export SUDO_EDITOR=nano
in ~./bashrc
specifically for sudoedit. At least that's what I'm going to do. Or, better yet, set it to mc. That way I have both file management and editing capabilities.Last edited by GreyGeek; Apr 08, 2017, 10:40 AM.Leave a comment:
Leave a comment: