blob: 8a65b66064bdd544e9ff454b555125840a0cf17e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
From 435ed5853b9451ab8fdfff722545c57a8f154625 Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fabian@ritter-vogt.de>
Date: Sat, 18 Feb 2017 13:49:14 +0100
Subject: [PATCH] Defuse root block
While the main point is correct as any application running in the same
X session (not sandboxed) can use kate's capability to open a console,
we allow (even encourage) running YaST on X11 as root.
That way it's only an impact on usability.
---
kate/main.cpp | 3 +--
kwrite/main.cpp | 3 +--
2 files changed, 2 insertions(+), 4 deletions(-)
Index: kate/main.cpp
===================================================================
--- a/kate/main.cpp 2018-12-25 09:49:15.867478873 +0100
+++ b/kate/main.cpp 2018-12-25 09:49:19.231424088 +0100
@@ -47,21 +47,10 @@
int main(int argc, char **argv)
{
#if !defined(Q_OS_WIN) && !defined(Q_OS_HAIKU)
- // Prohibit using sudo or kdesu (but allow using the root user directly)
+ // Allow running Kate as root, but with a warning
if (getuid() == 0) {
- if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
- std::cout << "Running Kate with sudo can cause bugs and expose you to security vulnerabilities. "
- "Instead use Kate normally and you will be prompted for elevated privileges when "
- "saving documents if needed."
- << std::endl;
- return EXIT_FAILURE;
- } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
- std::cout << "Running Kate with kdesu can cause bugs and expose you to security vulnerabilities. "
- "Instead use Kate normally and you will be prompted for elevated privileges when "
- "saving documents if needed."
- << std::endl;
- return EXIT_FAILURE;
- }
+ std::cout << "THIS IS POTENTIALLY INSECURE!\nTo edit files as root please use:" << std::endl;
+ std::cout << "SUDO_EDITOR=kate sudoedit <file>" << std::endl;
}
#endif
/**
Index: kwrite/main.cpp
===================================================================
--- a/kwrite/main.cpp 2018-12-25 09:49:19.231424088 +0100
+++ b/kwrite/main.cpp 2018-12-25 09:50:32.302253532 +0100
@@ -39,21 +39,10 @@
extern "C" Q_DECL_EXPORT int main(int argc, char **argv)
{
#if !defined(Q_OS_WIN) && !defined(Q_OS_HAIKU)
- // Prohibit using sudo or kdesu (but allow using the root user directly)
+ // Allow running KWrite as root, but with a warning
if (getuid() == 0) {
- if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
- std::cout << "Running KWrite with sudo can cause bugs and expose you to security vulnerabilities. "
- "Instead use KWrite normally and you will be prompted for elevated privileges when "
- "saving documents if needed."
- << std::endl;
- return EXIT_FAILURE;
- } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
- std::cout << "Running KWrite with kdesu can cause bugs and expose you to security vulnerabilities. "
- "Instead use KWrite normally and you will be prompted for elevated privileges when "
- "saving documents if needed."
- << std::endl;
- return EXIT_FAILURE;
- }
+ std::cout << "THIS IS POTENTIALLY INSECURE!\nTo edit files as root please use:" << std::endl;
+ std::cout << "SUDO_EDITOR=kwrite sudoedit <file>" << std::endl;
}
#endif
|