From kde-core-devel  Wed Oct 25 21:33:00 2006
From: "Benjamin Reed" <rangerrick () gmail ! com>
Date: Wed, 25 Oct 2006 21:33:00 +0000
To: kde-core-devel
Subject: kde 3.5.5 kdeinit setuid is always enabled?
Message-Id: <57eba2250610251433t876847bn9fdcef689acbe346 () mail ! gmail ! com>
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=116181200904533

I'm not sure why this wouldn't be happening everywhere, but the new
setuid kdeinit stuff causes my ~/.ICEauthority file to be created
owned by root, which subsequently causes authentication errors and kde
fails to start:

---(snip!)---
xset:  bad font path element (#87), possible causes are:
    Directory does not exist or has wrong permissions
    Directory missing fonts.dir
    Incorrect font server address or syntax
xset:  bad font path element (#87), possible causes are:
    Directory does not exist or has wrong permissions
    Directory missing fonts.dir
    Incorrect font server address or syntax
startkde: Starting up...
kdeinit: Launched DCOPServer, pid = 12225 result = 0
DCOPClient::attachInternal. Attach failed Authentication Rejected,
reason : None of the authentication protocols specified are supported
and host-based authentication failed
ICE Connection rejected!

DCOPClient::attachInternal. Attach failed Authentication Rejected,
reason : None of the authentication protocols specified are supported
and host-based authentication failed
DCOPServer self-test failed.
iceauth:  /Users/ranger/.ICEauthority not writable, changes will be ignored
iceauth:  /Users/ranger/.ICEauthority not writable, changes ignored
kdeinit: DCOPServer could not be started, aborting.
ICE Connection rejected!

DCOPServer : slotShutdown() -> waiting for clients to disconnect.
DCOPServer : slotExit() -> exit.
Warning: connect() failed: : Permission denied
The following installation problem was detected
while trying to start KDE:

    No write access to '/Users/ranger/.ICEauthority'.

KDE is unable to start.
startkde: Could not start ksmserver. Check your installation.
ERROR: Couldn't attach to DCOP server!
startkde: Shutting down...
Warning: connect() failed: : Permission denied
Error: Can't contact kdeinit!
startkde: Running shutdown scripts...
startkde: Done.
---(snip!)---

now, according to configure.log it says it's not going to make it setuid:

---(snip!)---
checking whether to make kdeinit setuid root in order to protect it
from bad Linux OOM-killer... no
---(snip!)---

...and the Makefile.am *thinks* it's only supposed to do the setuid if
that says "yes":

---(snip!)---
if KDEINIT_SETUID
# start_kdeinit needs to be installed setuid root on Linux
install-exec-hook:
        @(chown 0 $(DESTDIR)$(bindir)/start_kdeinit && chmod 4755
$(DESTDIR)$(bindir)/start_kdeinit) || echo "Please make start_kdeinit
setuid root" >&2
        @echo ""
        @echo "start_kdeinit is by default installed on Linux with a
set SETUID root bit!"
        @echo "This is needed to prevent kdeinit from being killed by
a bad heuristic in the OOM-killer when running out of memory."
        @echo ""
endif
---(snip!)---

...but going by the install output, it's getting enabled anyways:

---(snip!)---
cd ./kdesu/ && /sw/share/unsermake/unsermake install-data-hook
99%
kgrantpty is by default installed with a set SETUID root bit!
This is needed for konsole, etc. to ensure that they can't be eavesdropped.

cd ./kdecore/ && /sw/share/unsermake/unsermake install-exec-hook
99%
start_kdeinit is by default installed on Linux with a set SETUID root bit!
This is needed to prevent kdeinit from being killed by a bad heuristic
in the OOM-killer when running out of memory.

cd ./kinit/ && /sw/share/unsermake/unsermake install-exec-hook
---(snip!)---

I can fix it manually for OSX now, but I wouldn't be surprised if this
bites someone else as well...