70 lines
3.3 KiB
Diff
70 lines
3.3 KiB
Diff
From bfe1b2dd63d410c8365b2197a313193ab29ebe5e Mon Sep 17 00:00:00 2001
|
|
From: Fabian Vogt <fabian@ritter-vogt.de>
|
|
Date: Sat, 18 Feb 2017 13:49:14 +0100
|
|
Subject: [PATCH] Defuse root block
|
|
|
|
While the main point is correct as any application running in the same
|
|
X session (not sandboxed) can use kate's capability to open a console,
|
|
we allow (even encourage) running YaST on X11 as root.
|
|
That way it's only an impact on usability.
|
|
---
|
|
kate/main.cpp | 15 ++-------------
|
|
kwrite/main.cpp | 15 ++-------------
|
|
2 files changed, 4 insertions(+), 26 deletions(-)
|
|
|
|
diff --git a/kate/main.cpp b/kate/main.cpp
|
|
index 5cdaa6c4d..042c0cfc8 100644
|
|
--- a/kate/main.cpp
|
|
+++ b/kate/main.cpp
|
|
@@ -48,19 +48,8 @@ int main(int argc, char **argv)
|
|
#if !defined(Q_OS_WIN) && !defined(Q_OS_HAIKU)
|
|
// Prohibit using sudo or kdesu (but allow using the root user directly)
|
|
if (getuid() == 0) {
|
|
- if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
|
|
- std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities. "
|
|
- "It is also not necessary; simply use Kate normally, and you will be prompted for "
|
|
- "elevated privileges when saving documents if needed."
|
|
- << std::endl;
|
|
- return EXIT_FAILURE;
|
|
- } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
|
|
- std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities. "
|
|
- "It is also not necessary; simply use Kate normally, and you will be prompted for "
|
|
- "elevated privileges when saving documents if needed."
|
|
- << std::endl;
|
|
- return EXIT_FAILURE;
|
|
- }
|
|
+ std::cout << "THIS IS POTENTIALLY INSECURE!\nTo edit files as root please use:" << std::endl;
|
|
+ std::cout << "SUDO_EDITOR=kwrite sudoedit <file>" << std::endl;
|
|
}
|
|
#endif
|
|
/**
|
|
diff --git a/kwrite/main.cpp b/kwrite/main.cpp
|
|
index 4daa7c3a2..d3b83686c 100644
|
|
--- a/kwrite/main.cpp
|
|
+++ b/kwrite/main.cpp
|
|
@@ -40,19 +40,8 @@ extern "C" Q_DECL_EXPORT int main(int argc, char **argv)
|
|
#if !defined(Q_OS_WIN) && !defined(Q_OS_HAIKU)
|
|
// Prohibit using sudo or kdesu (but allow using the root user directly)
|
|
if (getuid() == 0) {
|
|
- if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
|
|
- std::cout << "Executing KWrite with sudo is not possible due to unfixable security vulnerabilities. "
|
|
- "It is also not necessary; simply use KWrite normally, and you will be prompted for "
|
|
- "elevated privileges when saving documents if needed."
|
|
- << std::endl;
|
|
- return EXIT_FAILURE;
|
|
- } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
|
|
- std::cout << "Executing KWrite with kdesu is not possible due to unfixable security vulnerabilities. "
|
|
- "It is also not necessary; simply use KWrite normally, and you will be prompted for "
|
|
- "elevated privileges when saving documents if needed."
|
|
- << std::endl;
|
|
- return EXIT_FAILURE;
|
|
- }
|
|
+ std::cout << "THIS IS POTENTIALLY INSECURE!\nTo edit files as root please use:" << std::endl;
|
|
+ std::cout << "SUDO_EDITOR=kwrite sudoedit <file>" << std::endl;
|
|
}
|
|
#endif
|
|
|
|
--
|
|
2.32.0
|
|
|