2017-05-18 21:18:32 +02:00
|
|
|
From 435ed5853b9451ab8fdfff722545c57a8f154625 Mon Sep 17 00:00:00 2001
|
|
|
|
From: Fabian Vogt <fabian@ritter-vogt.de>
|
|
|
|
Date: Sat, 18 Feb 2017 13:49:14 +0100
|
|
|
|
Subject: [PATCH] Defuse root block
|
|
|
|
|
|
|
|
While the main point is correct as any application running in the same
|
|
|
|
X session (not sandboxed) can use kate's capability to open a console,
|
|
|
|
we allow (even encourage) running YaST on X11 as root.
|
|
|
|
That way it's only an impact on usability.
|
|
|
|
---
|
|
|
|
kate/main.cpp | 3 +--
|
|
|
|
kwrite/main.cpp | 3 +--
|
|
|
|
2 files changed, 2 insertions(+), 4 deletions(-)
|
|
|
|
|
2019-10-12 13:23:46 +02:00
|
|
|
Index: kate-19.03.60git.20190930T050110~1d9a68423/kate/main.cpp
|
2018-07-14 00:20:08 +02:00
|
|
|
===================================================================
|
2019-10-12 13:23:46 +02:00
|
|
|
--- kate-19.03.60git.20190930T050110~1d9a68423.orig/kate/main.cpp 2019-09-30 05:01:10.000000000 +0200
|
|
|
|
+++ kate-19.03.60git.20190930T050110~1d9a68423/kate/main.cpp 2019-09-30 07:28:13.299460412 +0200
|
|
|
|
@@ -60,13 +60,8 @@
|
2018-07-28 15:26:29 +02:00
|
|
|
#ifndef Q_OS_WIN
|
|
|
|
// Prohibit using sudo or kdesu (but allow using the root user directly)
|
2017-05-18 21:18:32 +02:00
|
|
|
if (getuid() == 0) {
|
2018-07-28 15:26:29 +02:00
|
|
|
- if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
|
|
|
|
- std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
|
|
|
|
- return EXIT_FAILURE;
|
|
|
|
- } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
|
|
|
|
- std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
|
|
|
|
- return EXIT_FAILURE;
|
|
|
|
- }
|
2017-05-18 21:18:32 +02:00
|
|
|
+ std::cout << "THIS IS POTENTIALLY INSECURE!\nTo edit files as root please use:" << std::endl;
|
2018-07-28 15:26:29 +02:00
|
|
|
+ std::cout << "SUDO_EDITOR=kwrite sudoedit <file>" << std::endl;
|
2017-05-18 21:18:32 +02:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
/**
|
2019-10-12 13:23:46 +02:00
|
|
|
Index: kate-19.03.60git.20190930T050110~1d9a68423/kwrite/main.cpp
|
2018-07-14 00:20:08 +02:00
|
|
|
===================================================================
|
2019-10-12 13:23:46 +02:00
|
|
|
--- kate-19.03.60git.20190930T050110~1d9a68423.orig/kwrite/main.cpp 2019-09-30 05:01:10.000000000 +0200
|
|
|
|
+++ kate-19.03.60git.20190930T050110~1d9a68423/kwrite/main.cpp 2019-09-30 07:28:13.299460412 +0200
|
|
|
|
@@ -54,13 +54,8 @@
|
2018-07-28 15:26:29 +02:00
|
|
|
#ifndef Q_OS_WIN
|
|
|
|
// Prohibit using sudo or kdesu (but allow using the root user directly)
|
2017-05-18 21:18:32 +02:00
|
|
|
if (getuid() == 0) {
|
2018-07-28 15:26:29 +02:00
|
|
|
- if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
|
2019-04-03 10:51:28 +02:00
|
|
|
- std::cout << "Executing KWrite with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
|
2018-07-28 15:26:29 +02:00
|
|
|
- return EXIT_FAILURE;
|
|
|
|
- } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
|
2019-04-03 10:51:28 +02:00
|
|
|
- std::cout << "Executing KWrite with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
|
2018-07-28 15:26:29 +02:00
|
|
|
- return EXIT_FAILURE;
|
|
|
|
- }
|
2019-04-03 10:51:28 +02:00
|
|
|
+ std::cout << "THIS IS POTENTIALLY INSECURE!\nTo edit files as root please use:" << std::endl;
|
|
|
|
+ std::cout << "SUDO_EDITOR=kwrite sudoedit <file>" << std::endl;
|
2017-05-18 21:18:32 +02:00
|
|
|
}
|
|
|
|
#endif
|
2019-10-12 13:23:46 +02:00
|
|
|
|