[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: [dolphin] src: Re-allow running Dolphin as the root user (but still not using sudo)
From: Nathaniel Graham <null () kde ! org>
Date: 2018-05-31 18:18:22
Message-ID: E1fOS9W-0005PU-4D () code ! kde ! org
[Download RAW message or body]
Git commit 40453cb627a39f1ff92373f865426f0bcdc83419 by Nathaniel Graham.
Committed on 31/05/2018 at 18:18.
Pushed by ngraham into branch 'master'.
Re-allow running Dolphin as the root user (but still not using sudo)
Summary:
Prohibiting the use of Dolphin as the actual root user (not using `sudo` or `kdesu`) \
breaks legitimate use cases for using the root user. An example is Kali, a distro \
that logs in as the root user by default as a deliberate design choice.
In such an environment, there is no additional security vulnerability beyond what \
you're already potentially exposing yourself to. So, let's re-enable it.
BUG: 387974
FIXED-IN: 18.08.0
Test Plan:
- Log in as normal user and run `sudo dolphin`: you get an error message.
- Log in as normal user and run `kdesu dolphin`: you get an error message.
- Log in as the root user and run dolphin normally: it works.
Reviewers: markg, elvisangelaccio, #dolphin
Reviewed By: markg
Subscribers: chinmoyr, cfeck, elvisangelaccio, mmustac, Fuchs, markg, graesslin, \
nicolasfella, zzag, kfm-devel, emmanuelp
Tags: #dolphin
Differential Revision: https://phabricator.kde.org/D12795
M +8 -3 src/main.cpp
https://commits.kde.org/dolphin/40453cb627a39f1ff92373f865426f0bcdc83419
diff --git a/src/main.cpp b/src/main.cpp
index db52e11be8..75bab677d7 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -43,10 +43,15 @@
extern "C" Q_DECL_EXPORT int kdemain(int argc, char **argv)
{
#ifndef Q_OS_WIN
- // Check whether we are running as root
+ // Prohibit using sudo or kdesu (but allow using the root user directly)
if (getuid() == 0) {
- std::cout << "Executing Dolphin as root is not possible." << std::endl;
- return EXIT_FAILURE;
+ if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
+ std::cout << "Executing Dolphin with sudo is not possible due to \
unfixable security vulnerabilities." << std::endl; + return EXIT_FAILURE;
+ } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
+ std::cout << "Executing Dolphin with kdesu is not possible due to \
unfixable security vulnerabilities." << std::endl; + return EXIT_FAILURE;
+ }
}
#endif
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic