pool/lxqt-sudo
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 678877 from X11:LXQt

Browse Source 
- Update to 0.14.1:
  * Dont strip XAUTHLOCALHOSTNAME, it is required for lxqt-sudo
  to function properly.
  * Updated translations
- Remove lxqt-bsc1122410-clear-env.patch: upstreamed

- bsc#1122410: Dont clear XAUTHLOCALHOSTNAME 
- Add lxqt-bsc1122410-clear-env.patch:
  See https://github.com/lxqt/lxqt-sudo/issues/101

- Update to 0.14.0:
  * Force “C” locale for su/sudo
  * Security: Prevent malicious attempts for command injection
  * Strip environment - Leave only required environment variables (for X & locale) to get into the elevated child process.
  * Make critical error messages less obscure
  * Fixed the layout and line-break
- Remove lxqt-sudo-0.13.0-locale-env.patch: upstreamed
- Move translation from lxqt-l10n into package

OBS-URL: https://build.opensuse.org/request/show/678877
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/lxqt-sudo?expand=0&rev=8
This commit is contained in:
Stephan Kulow 2019-02-25 16:59:16 +00:00 committed by Git OBS Bridge
commit 88fd27e97e
7 changed files with 59 additions and 264 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

240
lxqt-sudo-0.13.0-locale-env.patch
View File

@ -1,240 +0,0 @@
Two patches which fix:
https://github.com/lxqt/lxqt-sudo/pull/42
Started at bsc#1100871
From 07ec9ec14e5d8ff2fe5aba33d9f0a1cd07a4db60 Mon Sep 17 00:00:00 2001
From: Palo Kisa <palo.kisa@gmail.com>
Date: Mon, 12 Sep 2016 11:48:18 +0200
Subject: [PATCH] Sudo: Strip environment
Leave only required environment variables (for X & locale) to get into
the elevated child process.
---
sudo.cpp | 39 ++++++++++++++++++++++++++++++++++++---
1 file changed, 36 insertions(+), 3 deletions(-)
diff --git a/sudo.cpp b/sudo.cpp
index 1530801..a98b75d 100644
--- a/sudo.cpp
+++ b/sudo.cpp
@@ -36,12 +36,14 @@
#include <QSocketNotifier>
#include <QDebug>
#include <QThread>
+#include <QProcessEnvironment>
#include <pty.h>
#include <unistd.h>
#include <memory>
#include <csignal>
#include <sys/wait.h>
#include <fcntl.h>
+#include <iostream>
namespace
{
@@ -80,11 +82,42 @@ namespace
<< QObject::tr("%1 version %2\n").arg(app_master).arg(app_version);
}
+ //Note: array must be sorted to allow usage of binary search
+ static constexpr char const * const ALLOWED_VARS[] = {
+ "DISPLAY"
+ , "LANG", "LANGUAGE", "LC_ADDRESS", "LC_ALL", "LC_COLLATE", "LC_CTYPE", "LC_IDENTIFICATION", "LC_MEASUREMENT"
+ , "LC_MESSAGES", "LC_MONETARY", "LC_NAME", "LC_NUMERIC", "LC_PAPER", "LC_TELEPHONE", "LC_TIME"
+ , "PATH", "QT_PLATFORM_PLUGIN", "QT_QPA_PLATFORMTHEME", "WAYLAND_DISPLAY", "XAUTHORITY"
+ };
+ static constexpr char const * const * const ALLOWED_END = ALLOWED_VARS + sizeof (ALLOWED_VARS) / sizeof (ALLOWED_VARS[0]);
+ struct assert_helper
+ {
+ assert_helper()
+ {
+ Q_ASSERT(std::is_sorted(ALLOWED_VARS, ALLOWED_END
+ , [] (char const * const a, char const * const b) { return strcmp(a, b) < 0; }));
+ }
+ };
+ assert_helper h;
+
inline void env_workarounds()
{
- //cleanup environment
- //pcmanfm-qt will not start if the DBUS_SESSION_BUS_ADDRESS is preserved
- unsetenv("DBUS_SESSION_BUS_ADDRESS");
+ std::cerr << LXQTSUDO << ": Stripping child environment except for: ";
+ std::copy(ALLOWED_VARS, ALLOWED_END - 1, std::ostream_iterator<const char *>{std::cerr, ", "});
+ std::cerr << *(ALLOWED_END - 1) << '\n'; // printing the last separately to avoid trailing comma
+ // cleanup environment, because e.g.:
+ // - pcmanfm-qt will not start if the DBUS_SESSION_BUS_ADDRESS is preserved
+ // - Qt apps may change user's config files permissions if the XDG_* are preserved
+ for (auto const & key : QProcessEnvironment::systemEnvironment().keys())
+ {
+ auto const & i = std::lower_bound(ALLOWED_VARS, ALLOWED_END, key, [] (char const * const a, QString const & b) {
+ return b > a;
+ });
+ if (i == ALLOWED_END || key != *i)
+ {
+ unsetenv(key.toStdString().c_str());
+ }
+ }
}
}
From 406a20279e24539e04cab1c96ff808b3e4e2d163 Mon Sep 17 00:00:00 2001
From: Palo Kisa <palo.kisa@gmail.com>
Date: Tue, 24 Jul 2018 13:13:20 +0200
Subject: [PATCH] sudo: Force "C" locale for su/sudo
We force the su/sudo to communicate with us in the simplest locale and
then set the locale back for the command (by using the magic of shell
interpretation).
---
passworddialog.cpp | 9 +++------
passworddialog.h | 2 +-
sudo.cpp | 44 ++++++++++++++++++++++++++------------------
sudo.h | 1 +
4 files changed, 31 insertions(+), 25 deletions(-)
diff --git a/passworddialog.cpp b/passworddialog.cpp
index fcd2208..6377752 100644
--- a/passworddialog.cpp
+++ b/passworddialog.cpp
@@ -4,7 +4,7 @@
* LXQt - a lightweight, Qt based, desktop toolset
* https://lxqt.org
*
- * Copyright: 2015 LXQt team
+ * Copyright: 2015-2018 LXQt team
* Authors:
* Palo Kisa <palo.kisa@gmail.com>
*
@@ -29,7 +29,7 @@
#include "ui_passworddialog.h"
#include <QIcon>
-PasswordDialog::PasswordDialog(QStringList argv
+PasswordDialog::PasswordDialog(const QString & cmd
, QWidget * parent/* = 0*/
, Qt::WindowFlags f/* = 0*/)
: QDialog(parent, f)
@@ -37,10 +37,7 @@ PasswordDialog::PasswordDialog(QStringList argv
{
ui->setupUi(this);
- ui->commandL->setText(argv.join(QStringLiteral(" ")));
- QString cmd;
- if (0 < argv.size())
- cmd = argv[0];
+ ui->commandL->setText(cmd);
ui->descriptionL->setText(tr("<b>%1</b> needs administrative privileges.\nPlease enter your password.").arg(cmd));
ui->iconL->setPixmap(QIcon::fromTheme("dialog-password").pixmap(64, 64));
setWindowIcon(QIcon::fromTheme("security-high"));
diff --git a/passworddialog.h b/passworddialog.h
index 063b81a..d742a52 100644
--- a/passworddialog.h
+++ b/passworddialog.h
@@ -39,7 +39,7 @@ class PasswordDialog : public QDialog
Q_OBJECT
public:
- PasswordDialog(QStringList argv
+ PasswordDialog(const QString & cmd
, QWidget * parent = 0
, Qt::WindowFlags f = 0);
~PasswordDialog();
diff --git a/sudo.cpp b/sudo.cpp
index f6002e1..1530801 100644
--- a/sudo.cpp
+++ b/sudo.cpp
@@ -4,7 +4,7 @@
* LXQt - a lightweight, Qt based, desktop toolset
* https://lxqt.org
*
- * Copyright: 2015 LXQt team
+ * Copyright: 2015-2018 LXQt team
* Authors:
* Palo Kisa <palo.kisa@gmail.com>
*
@@ -141,16 +141,12 @@ int Sudo::main()
//we were invoked through unknown link (or renamed binary)
usage(tr("%1: no backend chosen!").arg(app_master));
return 1;
- } else if (BACK_SU == mBackend && 1 < mArgs.size())
- {
- QString cmd = mArgs.replaceInStrings(QRegExp(QStringLiteral("^(.*)$")), "'\\1'").join(QStringLiteral(" "));
- QTextStream(stderr) << tr("%1: warning - got multiple arguments for %2 backend, squashing into one: %3")
- .arg(app_master).arg(su_prog).arg(cmd);
- mArgs.erase(++mArgs.begin(), mArgs.end());
- mArgs[0] = std::move(cmd);
}
- mDlg.reset(new PasswordDialog{mArgs});
+ mArgs.replaceInStrings(QStringLiteral("'"), QStringLiteral("'\\''"));
+ mSquashedArgs = mArgs.replaceInStrings(QRegExp(QStringLiteral("^(.*)$")), "'\\1'").join(QStringLiteral(" "));
+
+ mDlg.reset(new PasswordDialog{mSquashedArgs});
mDlg->setModal(true);
lxqtApp->setActiveWindow(mDlg.data());
@@ -169,9 +165,8 @@ int Sudo::main()
void Sudo::child()
{
- int params_cnt = 2 //1. su/sudo & last nullptr
- + 1 //-c for su | -E for sudo
- + mArgs.size();
+ int params_cnt = 3 //1. su/sudo & "shell command" & last nullptr
+ + (BACK_SU == mBackend ? 1 : 3); //-c for su | -E /bin/sh -c for sudo
std::unique_ptr<char const *[]> params{new char const *[params_cnt]};
const char ** param_arg = params.get() + 1;
@@ -179,20 +174,33 @@ void Sudo::child()
if (BACK_SU == mBackend)
{
program = su_prog.toStdString();
- *(param_arg++) = "-c"; //run command
} else
{
program = sudo_prog.toStdString();
*(param_arg++) = "-E"; //preserve environment
+ *(param_arg++) = "/bin/sh";
}
+ *(param_arg++) = "-c"; //run command
params[0] = program.c_str();
- std::vector<std::string> arguments;
- for (const auto & a : mArgs)
- arguments.push_back(a.toStdString());
- for (const auto & a : arguments)
- *(param_arg++) = a.c_str();
+ // Note: we force the su/sudo to communicate with us in the simplest
+ // locale and then set the locale back for the command
+ char const * const env_lc_all = getenv("LC_ALL");
+ setenv("LC_ALL", "C", 1);
+ std::string command;
+ if (env_lc_all == nullptr)
+ {
+ command = "unset LC_ALL; ";
+ } else
+ {
+ command = "LC_ALL='";
+ command += env_lc_all;
+ command += "' ";
+ }
+ command += "exec ";
+ command += mSquashedArgs.toStdString();
+ *(param_arg++) = command.c_str();
*param_arg = nullptr;
diff --git a/sudo.h b/sudo.h
index c3eab94..d7a8c21 100644
--- a/sudo.h
+++ b/sudo.h
@@ -62,6 +62,7 @@ class Sudo : public QObject
QScopedPointer<PasswordDialog> mDlg;
QStringList mArgs;
backend_t mBackend;
+ QString mSquashedArgs;
int mChildPid;
int mPwdFd;

3
lxqt-sudo-0.13.0.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8e05adf4926eead9fa3015be54a76f67ebf3f7c40e1dea0bcafbcf4c38e548c8
size 16208

16
lxqt-sudo-0.13.0.tar.xz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEfHM7pfWFqtZp5NI6QsnI069epeMFAlsDGaUACgkQQsnI069e
peM9FxAAlTHDGNlAJ8OaV9kbzytXcyg/2xyHCrCXzN8XiWDD8zb+khXYFnVgZ2YN
hBGompRv1RqgMqoRiuawHnppKYN/IEGpDllab111LwZZn16qFwgZ0mEE0WY1qdxK
l+o3Y4F+9Y70boxDwevYQv9IAGLl+pFIrShJVyRkwa72P0XfVyzZCcJjPoPCsHM0
ITFNvuFWgUIHddO2kUPDjDx0yOi1lII/pq7fKxb8AZoh1v32t1Dif9LFjBQmvK8I
vw1FWuTi4Enh09GDXa5s0sh0j2h34a4py0lb0+lbIJonyKR3Dx0pTFc47PiW9JOd
H28qBWrFfhcTC+bwcXx+LwozUxD+TpGI7ElC+0K+6Iyeu7dD8jECFay+SO+wTMEZ
xgXhImft0VpVRwh88RaJ9Li6dSNfSsCPGWZmkjVwVHuJ7km9NaMDYgokpscXEf1f
5aaSFgYbpzVP66hCet7aJ9in2JLl/5kse/zaGYaFGIdq+gopaDxg5kXlUwN8aYco
Fok/FRecoSUUA7VVOMKRdRBMFQptJq0NkjxWCuwNQ0jhM7stpndRdMovHzbbkp7V
6Glb8kKqdS26rbkDT/n2kYaM4JnS9opFSiqw7lwfE4pBzCIyY5NSQxMudi6AKB9d
8C1Zb4QA7+bN5C039EIyi7vPad+EzOf/l9RBn1GXygWf4nNL5X8=
=5wrl
-----END PGP SIGNATURE-----

3
lxqt-sudo-0.14.1.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5e59d592b8cd06fe47ede6b1460fac08f5ccdb56dcdeddf599fcde39c57d7e55
size 30692

16
lxqt-sudo-0.14.1.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEfHM7pfWFqtZp5NI6QsnI069epeMFAlxzCOwACgkQQsnI069e
pePJJg//RAG8OuuWHs5rBVFtdPGHugVFokiwBy9xrO75MM5l1GdMQzbqpdX0pt4T
42ELLJHvyw0QY9OO/3TDXYSu3VQM7LGbOfRptjVn4PvdahhhaXyJs7PgjnZjaSUN
t9stYUmF9OKIWJwqn3aGjOTBl8L34Zd12DT1Q3IkQWwR8E9zgati1SVscv2qrQ+t
845x05YFR5lUV2AJLaUKclZ2qlIG3kV+G+XCN0xA3Nk41pKZS8n2wmQur3ZFHn8k
1ud+ZT+2rd36IxRes7g4TSgNuEDCgaziGs/yDND4S8Xp0prUp+ovbeBmBfkS5IYY
thBJPgTcDwDUEzuVVytOT5om7uDoysxx/cHTsPv3QGFWPnj5jlkQk3q7YIMqTCl6
1oIw9+ckmmHDO1/NRacLYQ1UDRIERMgfABrpVNKgI1raRTcXO+nbS2FSMCL1zL0z
+bAVDxduxvlxqG9N7wnxewbP6zrqrAmPnhUri9iJ9wrENBySKkqLL8Uslga9l2+Y
Yp/WHfXL0ZAC3i7iTYu80Sp3UlpSldQykkjASqmOJoyoF/Hm7a2K0HZP0ex8QbJY
LSiG11srGtxK17a2y4Duxacs6PKW5el5B5iC+RhnGRMho/31HH5Z6uGDBk4slNPB
CNJFOobN5jgvJVZgwgxcd7m2KxbdLzFYnHBImct5M4LJd60ALe8=
=a0zT
-----END PGP SIGNATURE-----

28
lxqt-sudo.changes
View File

@ -1,3 +1,31 @@
-------------------------------------------------------------------
Mon Feb 25 10:22:41 UTC 2019 - mvetter@suse.com
- Update to 0.14.1:
* Dont strip XAUTHLOCALHOSTNAME, it is required for lxqt-sudo
to function properly.
* Updated translations
- Remove lxqt-bsc1122410-clear-env.patch: upstreamed
-------------------------------------------------------------------
Tue Feb 5 10:46:45 UTC 2019 - mvetter@suse.com
- bsc#1122410: Dont clear XAUTHLOCALHOSTNAME
- Add lxqt-bsc1122410-clear-env.patch:
See https://github.com/lxqt/lxqt-sudo/issues/101
-------------------------------------------------------------------
Thu Jan 31 10:29:34 UTC 2019 - Michael Vetter <mvetter@suse.com>
- Update to 0.14.0:
* Force “C” locale for su/sudo
* Security: Prevent malicious attempts for command injection
* Strip environment - Leave only required environment variables (for X & locale) to get into the elevated child process.
* Make critical error messages less obscure
* Fixed the layout and line-break
- Remove lxqt-sudo-0.13.0-locale-env.patch: upstreamed
- Move translation from lxqt-l10n into package
-------------------------------------------------------------------
Thu Jul 26 13:05:35 UTC 2018 - mvetter@suse.com

17
lxqt-sudo.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package lxqt-sudo
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: lxqt-sudo
Version: 0.13.0
Version: 0.14.1
Release: 0
Summary: GUI frontend for sudo
License: LGPL-2.1-only
@ -26,8 +26,7 @@ URL: http://lxqt.org
Source: https://github.com/lxqt/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz
Source1: https://github.com/lxqt/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz.asc
Source2: %{name}.keyring
Patch1: lxqt-sudo-0.13.0-locale-env.patch
BuildRequires: cmake >= 3.0.2
BuildRequires: cmake >= 3.1.0
BuildRequires: gcc-c++
BuildRequires: lxqt-build-tools-devel >= 0.5.0
BuildRequires: pkgconfig
@ -44,9 +43,10 @@ When invoked it simply spawns child sudo process with requested command (and
arguments). If sudo requests user's password, the GUI password dialog is shown
and (after submit) the password is provided to sudo.
%lang_package
%prep
%setup -q
%patch1 -p1
%build
%cmake -DPULL_TRANSLATIONS=No
@ -55,6 +55,8 @@ make %{?_smp_mflags}
%install
%cmake_install
%find_lang %{name} --with-qt
%files
%license LICENSE
%doc AUTHORS
@ -63,4 +65,9 @@ make %{?_smp_mflags}
%{_mandir}/man?/%{name}.*
%{_mandir}/man?/lxsu*.*
%files lang -f %{name}.lang
%dir %{_datadir}/lxqt
%dir %{_datadir}/lxqt/translations
%{_datadir}/lxqt/translations/lxqt-sudo
%changelog