Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
kdesu dolphin as root not possible [SOLVED-again]
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2, 3, 4  
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
fedeliallalinea
Bodhisattva
Bodhisattva


Joined: 08 Mar 2003
Posts: 21362
Location: here

PostPosted: Mon Aug 06, 2018 5:57 am    Post subject: Reply with quote

natrix wrote:
The patch not work, emerge show this output. It was the same that dolphin:

It seems not a patch for kate-18.04.3, because now code is
kate/main.cpp:
...
#ifndef Q_OS_WIN
#include <unistd.h>
#endif
#include <iostream>


int main(int argc, char **argv)
{
#ifndef Q_OS_WIN
    /**
     * Check whether we are running as root
     **/
    if (getuid() == 0) {
        std::cout << "Executing Kate as root is not possible. To edit files as root use:" << std::endl;
        std::cout << "SUDO_EDITOR=kate sudoedit <file>" << std::endl;
        return 0;
    }
#endif
...

_________________
Questions are guaranteed in life; Answers aren't.
Back to top
View user's profile Send private message
proteusx
Apprentice
Apprentice


Joined: 21 Jan 2008
Posts: 228

PostPosted: Mon Aug 06, 2018 7:27 am    Post subject: Reply with quote

@natrix
Please post your complete build log.

@fedeliallalinea
The patches I posted will fail unless the portage patches have been applied first.
Back to top
View user's profile Send private message
PrSo
Tux's lil' helper
Tux's lil' helper


Joined: 01 Jun 2017
Posts: 128

PostPosted: Mon Aug 06, 2018 12:03 pm    Post subject: Reply with quote

Sorry for interrupting, and thank you proteusx for those patches.

On my system I had to make some modification of posted patches since offsets in dolphin's and kate's "main.cpp" files does not match.

Here it goes:

dolphin without modification of "root enable" warning:
Code:
--- a/src/main.cpp   2018-08-06 07:12:38.040074724 +0200
+++ b/src/main.cpp   2018-08-06 07:25:21.936760319 +0200
@@ -42,19 +42,6 @@
 
 extern "C" Q_DECL_EXPORT int kdemain(int argc, char **argv)
 {
-#ifndef Q_OS_WIN
-    // Prohibit using sudo or kdesu (but allow using the root user directly)
-    if (getuid() == 0) {
-        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
-            std::cout << "Executing Dolphin with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
-            std::cout << "Executing Dolphin with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        }
-    }
-#endif
-
     QApplication app(argc, argv);
     app.setAttribute(Qt::AA_UseHighDpiPixmaps, true);
     app.setWindowIcon(QIcon::fromTheme(QStringLiteral("system-file-manager"), app.windowIcon()));


and kate:
Code:
--- a/kate/main.cpp   2018-08-06 08:14:55.563340125 +0200
+++ b/kate/main.cpp   2018-08-06 08:20:27.573348320 +0200
@@ -60,18 +60,6 @@
 
 int main(int argc, char **argv)
 {
-#ifndef Q_OS_WIN
-    // Prohibit using sudo or kdesu (but allow using the root user directly)
-    if (getuid() == 0) {
-        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
-            std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
-            std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        }
-    }
-#endif
     /**
      * init resources from our static lib
      */


I have paced them accordingly in "/etc/portage/patches/kde-apps/dolphin" and "/etc/portage/patches/kde-apps/kate".

Both compile just fine, and executing dolphin and kate through kdesu works.

I hope this helps, and thank you once again proteusx.
Back to top
View user's profile Send private message
wrc1944
Advocate
Advocate


Joined: 15 Aug 2002
Posts: 3210
Location: Gainesville, Florida

PostPosted: Mon Aug 06, 2018 3:50 pm    Post subject: Reply with quote

FWIW, the /etc/portage/patches/kde-apps/kate/kate-18.04-root.patch works fine here.
Applies OK for me:
Code:
>>> Emerging (1 of 1) kde-apps/kate-18.04.3::gentoo
 * kate-18.04.3.tar.xz BLAKE2B SHA512 size ;-) ...                                                                                                             [ ok ]
>>> Unpacking source...
>>> Unpacking kate-18.04.3.tar.xz to /var/tmp/portage/kde-apps/kate-18.04.3/work
>>> Source unpacked in /var/tmp/portage/kde-apps/kate-18.04.3/work
>>> Preparing source in /var/tmp/portage/kde-apps/kate-18.04.3/work/kate-18.04.3 ...
 * Applying kate-18.04.3-root-user.patch ...                                                                                                                   [ ok ]
 * Applying kate-18.04-root.patch ...
patch unexpectedly ends in middle of line                                                                                                                      [ ok ]
 * User patches applied


The line "patch unexpectedly ends in middle of line" was also in the dolphin patch, but seems to make no difference, as both still work perfectly. Dolphin & kate open as root, and run normally.
_________________
Main box- AsRock x370 Gaming K4
Ryzen 1700, 3.0GHz, 16GB GSkill Flare DDR4 3200mhz
Samsung SATA 1000GB, Radeon HD R7 350 2GB DDR5
Gentoo ~amd64 plasma, glibc-2.29-r2, gcc-8.3.0-r1 kernel-5.0.7-gentoo USE=experimental
Back to top
View user's profile Send private message
natrix
Guru
Guru


Joined: 23 Aug 2013
Posts: 532

PostPosted: Tue Aug 07, 2018 12:51 am    Post subject: Reply with quote

PrSo: the patch to Kate work fine!

proteusx and PrSo:
A very useful contribution.
Thank you!!
Back to top
View user's profile Send private message
jhon987
Apprentice
Apprentice


Joined: 18 Nov 2013
Posts: 225

PostPosted: Sat Feb 09, 2019 2:40 pm    Post subject: Reply with quote

What about a patch for kwrie-18.18?
Back to top
View user's profile Send private message
proteusx
Apprentice
Apprentice


Joined: 21 Jan 2008
Posts: 228

PostPosted: Sun Feb 10, 2019 3:41 am    Post subject: Reply with quote

kwrite-18-root.patch

Code:
--- a/kwrite/main.cpp
+++ b/kwrite/main.cpp
@@ -42,25 +42,8 @@
 
 #include "../urlinfo.h"
 
-#ifndef Q_OS_WIN
-#include <unistd.h>
-#endif
-#include <iostream>
-
 extern "C" Q_DECL_EXPORT int main(int argc, char **argv)
 {
-#ifndef Q_OS_WIN
-    // Prohibit using sudo or kdesu (but allow using the root user directly)
-    if (getuid() == 0) {
-        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
-            std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
-            std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        }
-    }
-#endif
     /**
      * Create application first
      * Enforce application name even if the executable is renamed
Back to top
View user's profile Send private message
jhon987
Apprentice
Apprentice


Joined: 18 Nov 2013
Posts: 225

PostPosted: Sun Feb 10, 2019 6:38 am    Post subject: Reply with quote

proteusx wrote:
kwrite-18-root.patch

Code:
--- a/kwrite/main.cpp
+++ b/kwrite/main.cpp
@@ -42,25 +42,8 @@
 
 #include "../urlinfo.h"
 
-#ifndef Q_OS_WIN
-#include <unistd.h>
-#endif
-#include <iostream>
-
 extern "C" Q_DECL_EXPORT int main(int argc, char **argv)
 {
-#ifndef Q_OS_WIN
-    // Prohibit using sudo or kdesu (but allow using the root user directly)
-    if (getuid() == 0) {
-        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
-            std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
-            std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        }
-    }
-#endif
     /**
      * Create application first
      * Enforce application name even if the executable is renamed


Thank you very much proteusx, it works just as expected!
Back to top
View user's profile Send private message
nordicruler
n00b
n00b


Joined: 20 Dec 2004
Posts: 59

PostPosted: Sat Feb 23, 2019 1:34 am    Post subject: Reply with quote

Any working patch for dolphin-18.12.2?
Back to top
View user's profile Send private message
proteusx
Apprentice
Apprentice


Joined: 21 Jan 2008
Posts: 228

PostPosted: Sat Feb 23, 2019 12:40 pm    Post subject: Reply with quote

Code:
kdesu dolphin &
still works for dolphin-18.12.2, if patched as per above.
Back to top
View user's profile Send private message
nordicruler
n00b
n00b


Joined: 20 Dec 2004
Posts: 59

PostPosted: Sat Feb 23, 2019 2:54 pm    Post subject: Reply with quote

proteusx wrote:
Code:
kdesu dolphin &
still works for dolphin-18.12.2, if patched as per above.


I already tried a few times and its not working.

Code:
>>> Unpacking source...
>>> Unpacking dolphin-18.12.2.tar.xz to /var/tmp/gentoo/portage/kde-apps/dolphin-18.12.2/work
>>> Source unpacked in /var/tmp/gentoo/portage/kde-apps/dolphin-18.12.2/work
>>> Preparing source in /var/tmp/gentoo/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2 ...
 * Applying dolphin-18.12.2-root.patch ...
1 out of 1 hunk FAILED -- saving rejects to file src/main.cpp.rej
 [ !! ]
 * ERROR: kde-apps/dolphin-18.12.2::gentoo failed (prepare phase):
 *   patch -p1  failed with /etc/portage/patches/kde-apps/dolphin/dolphin-18.12.2-root.patch
 *
 * Call stack:
 *               ebuild.sh, line  124:  Called src_prepare
 *             environment, line 2647:  Called kde5_src_prepare
 *             environment, line 2104:  Called cmake-utils_src_prepare
 *             environment, line 1206:  Called default_src_prepare
 *      phase-functions.sh, line  933:  Called __eapi6_src_prepare
 *             environment, line  325:  Called eapply_user
 *             environment, line 1421:  Called eapply '/etc/portage/patches/kde-apps/dolphin/dolphin-18.12.2-root.patch'
 *             environment, line 1391:  Called _eapply_patch '/etc/portage/patches/kde-apps/dolphin/dolphin-18.12.2-root.patch'
 *             environment, line 1329:  Called __helpers_die 'patch -p1  failed with /etc/portage/patches/kde-apps/dolphin/dolphin-18.12.2-root.patch'
 *   isolated-functions.sh, line  119:  Called die
 * The specific snippet of code:
 *              die "$@"
Back to top
View user's profile Send private message
proteusx
Apprentice
Apprentice


Joined: 21 Jan 2008
Posts: 228

PostPosted: Sat Feb 23, 2019 3:54 pm    Post subject: Reply with quote

Here is the dolphin patch I use.
Code:
 
--- a/src/dolphinviewcontainer.cpp
+++ b/src/dolphinviewcontainer.cpp
@@ -108,14 +108,6 @@
     m_messageWidget->setCloseButtonVisible(true);
     m_messageWidget->hide();
 
-#ifndef Q_OS_WIN
-    if (getuid() == 0) {
-
-        // We must be logged in as the root user; show a big scary warning
-        showMessage(i18n("Running Dolphin as root can be dangerous. Please be careful."), Warning);
-    }
-#endif
-
     m_view = new DolphinView(url, this);
     connect(m_view, &DolphinView::urlChanged,
             m_urlNavigator, &KUrlNavigator::setLocationUrl);
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -35,26 +35,8 @@
 #include <QApplication>
 #include <QCommandLineParser>
 
-#ifndef Q_OS_WIN
-#include <unistd.h>
-#endif
-#include <iostream>
-
 extern "C" Q_DECL_EXPORT int kdemain(int argc, char **argv)
 {
-#ifndef Q_OS_WIN
-    // Prohibit using sudo or kdesu (but allow using the root user directly)
-    if (getuid() == 0) {
-        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
-            std::cout << "Executing Dolphin with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
-            std::cout << "Executing Dolphin with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        }
-    }
-#endif
-
     QApplication app(argc, argv);
     app.setAttribute(Qt::AA_UseHighDpiPixmaps, true);
     app.setWindowIcon(QIcon::fromTheme(QStringLiteral("system-file-manager"), app.windowIcon()));
 

I Verified it just now with dolphin-18.12.2 and it works.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13509

PostPosted: Sat Feb 23, 2019 5:05 pm    Post subject: Reply with quote

The exit path is triggered by the presence of the environment variable informing it that you are using it insecurely. Rather than continue patching every version, if you insist on overriding the security check, do so by creating a wrapper shell script that runs as root, removes those environment variables, then executes Dolphin.
Code:
$ a=1 /bin/sh -c '/usr/bin/env' | grep '^a='
a=1
$ a=1 /bin/sh -c 'export -n a; /usr/bin/env' | grep '^a='
$
Back to top
View user's profile Send private message
nordicruler
n00b
n00b


Joined: 20 Dec 2004
Posts: 59

PostPosted: Sun Feb 24, 2019 4:45 am    Post subject: Reply with quote

Still not working with this patch

proteusx wrote:
Here is the dolphin patch I use.
Code:
 
--- a/src/dolphinviewcontainer.cpp
+++ b/src/dolphinviewcontainer.cpp
@@ -108,14 +108,6 @@
     m_messageWidget->setCloseButtonVisible(true);
     m_messageWidget->hide();
 
-#ifndef Q_OS_WIN
-    if (getuid() == 0) {
-
-        // We must be logged in as the root user; show a big scary warning
-        showMessage(i18n("Running Dolphin as root can be dangerous. Please be careful."), Warning);
-    }
-#endif
-
     m_view = new DolphinView(url, this);
     connect(m_view, &DolphinView::urlChanged,
             m_urlNavigator, &KUrlNavigator::setLocationUrl);
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -35,26 +35,8 @@
 #include <QApplication>
 #include <QCommandLineParser>
 
-#ifndef Q_OS_WIN
-#include <unistd.h>
-#endif
-#include <iostream>
-
 extern "C" Q_DECL_EXPORT int kdemain(int argc, char **argv)
 {
-#ifndef Q_OS_WIN
-    // Prohibit using sudo or kdesu (but allow using the root user directly)
-    if (getuid() == 0) {
-        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
-            std::cout << "Executing Dolphin with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
-            std::cout << "Executing Dolphin with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
-            return EXIT_FAILURE;
-        }
-    }
-#endif
-
     QApplication app(argc, argv);
     app.setAttribute(Qt::AA_UseHighDpiPixmaps, true);
     app.setWindowIcon(QIcon::fromTheme(QStringLiteral("system-file-manager"), app.windowIcon()));
 

I Verified it just now with dolphin-18.12.2 and it works.


Code:
>>> Unpacking source...
>>> Unpacking dolphin-18.12.2.tar.xz to /var/tmp/gentoo/portage/kde-apps/dolphin-18.12.2/work
>>> Source unpacked in /var/tmp/gentoo/portage/kde-apps/dolphin-18.12.2/work
>>> Preparing source in /var/tmp/gentoo/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2 ...
 * Applying dolphin-18.12.2-root.patch ...
1 out of 1 hunk FAILED -- saving rejects to file src/dolphinviewcontainer.cpp.rej
1 out of 1 hunk FAILED -- saving rejects to file src/main.cpp.rej
 [ !! ]
 * ERROR: kde-apps/dolphin-18.12.2::gentoo failed (prepare phase):
 *   patch -p1  failed with /etc/portage/patches/kde-apps/dolphin/dolphin-18.12.2-root.patch
Back to top
View user's profile Send private message
proteusx
Apprentice
Apprentice


Joined: 21 Jan 2008
Posts: 228

PostPosted: Sun Feb 24, 2019 5:20 am    Post subject: Reply with quote

I cannot reproduce your problem.
Here the start of my build log.
Code:
 * Package:    kde-apps/dolphin-18.12.2
 * Repository: gentoo
 * Maintainer: kde@gentoo.org
 * USE:        abi_x86_64 amd64 elibc_glibc handbook kernel_linux userland_GNU
 * FEATURES:   preserve-libs sandbox userpriv usersandbox
>>> Unpacking source...
>>> Unpacking dolphin-18.12.2.tar.xz to /tmp/portage/kde-apps/dolphin-18.12.2/work
>>> Source unpacked in /tmp/portage/kde-apps/dolphin-18.12.2/work
>>> Preparing source in /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2 ...
 * Applying dolphin-18.04-root.patch ...
 [ ok ]
 * User patches applied.
>>> Source prepared.
>>> Configuring source in /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2 ...
>>> Working in BUILD_DIR: "/tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2_build"
cmake -C /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2_build/gentoo_common_config.cmake -G Ninja -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_TESTING=OFF -DKDE_INSTALL_USE_QT_SYS_PATHS=ON -DKDE_INSTALL_DOCBUNDLEDIR=/usr/share/help -DCMAKE_DISABLE_FIND_PACKAGE_KF5Baloo=ON -DCMAKE_DISABLE_FIND_PACKAGE_KF5BalooWidgets=ON -DCMAKE_DISABLE_FIND_PACKAGE_KF5FileMetaData=ON -DCMAKE_BUILD_TYPE=Gentoo -DCMAKE_TOOLCHAIN_FILE=/tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2_build/gentoo_toolchain.cmake  /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2
loading initial cache file /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2_build/gentoo_common_config.cmake
-- The C compiler identification is GNU 6.4.0
-- The CXX compiler identification is GNU 6.4.0
-- Check for working C compiler: /usr/bin/x86_64-pc-linux-gnu-gcc
-- Check for working C compiler: /usr/bin/x86_64-pc-linux-gnu-gcc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- ................. and so on........

Have you perhaps applied another patch before this one?
Back to top
View user's profile Send private message
nordicruler
n00b
n00b


Joined: 20 Dec 2004
Posts: 59

PostPosted: Mon Feb 25, 2019 4:15 am    Post subject: Reply with quote

proteusx wrote:
I cannot reproduce your problem.
Here the start of my build log.
Code:
 * Package:    kde-apps/dolphin-18.12.2
 * Repository: gentoo
 * Maintainer: kde@gentoo.org
 * USE:        abi_x86_64 amd64 elibc_glibc handbook kernel_linux userland_GNU
 * FEATURES:   preserve-libs sandbox userpriv usersandbox
>>> Unpacking source...
>>> Unpacking dolphin-18.12.2.tar.xz to /tmp/portage/kde-apps/dolphin-18.12.2/work
>>> Source unpacked in /tmp/portage/kde-apps/dolphin-18.12.2/work
>>> Preparing source in /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2 ...
 * Applying dolphin-18.04-root.patch ...
 [ ok ]
 * User patches applied.
>>> Source prepared.
>>> Configuring source in /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2 ...
>>> Working in BUILD_DIR: "/tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2_build"
cmake -C /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2_build/gentoo_common_config.cmake -G Ninja -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_TESTING=OFF -DKDE_INSTALL_USE_QT_SYS_PATHS=ON -DKDE_INSTALL_DOCBUNDLEDIR=/usr/share/help -DCMAKE_DISABLE_FIND_PACKAGE_KF5Baloo=ON -DCMAKE_DISABLE_FIND_PACKAGE_KF5BalooWidgets=ON -DCMAKE_DISABLE_FIND_PACKAGE_KF5FileMetaData=ON -DCMAKE_BUILD_TYPE=Gentoo -DCMAKE_TOOLCHAIN_FILE=/tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2_build/gentoo_toolchain.cmake  /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2
loading initial cache file /tmp/portage/kde-apps/dolphin-18.12.2/work/dolphin-18.12.2_build/gentoo_common_config.cmake
-- The C compiler identification is GNU 6.4.0
-- The CXX compiler identification is GNU 6.4.0
-- Check for working C compiler: /usr/bin/x86_64-pc-linux-gnu-gcc
-- Check for working C compiler: /usr/bin/x86_64-pc-linux-gnu-gcc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- ................. and so on........

Have you perhaps applied another patch before this one?


I recreated the patch and now its working. Both patch for kate and dolphin are working fine. Thanks.
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 6831
Location: Austria

PostPosted: Sun Mar 03, 2019 1:05 pm    Post subject: Reply with quote

kate/kwrite do not need any patching, nor be run with kdesu for editing root owned files. kauth is used to gain write permission when such files are saved.
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Goto page Previous  1, 2, 3, 4
Page 4 of 4

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum