Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/kde-apps/dolphin/files/dolphin-18.04.3-root-user.patch
blob: 04baafa1d8e881d01d5a98ee6b032d02255d9add (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

From 40453cb627a39f1ff92373f865426f0bcdc83419 Mon Sep 17 00:00:00 2001
From: Nathaniel Graham <nate@kde.org>
Date: Wed, 9 May 2018 17:18:08 -0600
Subject: Re-allow running Dolphin as the root user (but still not using sudo)

Summary:
Prohibiting the use of Dolphin as the actual root user (not using `sudo` or `kdesu`) breaks legitimate use cases for using the root user. An example is Kali, a distro that logs in as the root user by default as a deliberate design choice.

In such an environment, there is no additional security vulnerability beyond what you're already potentially exposing yourself to. So, let's re-enable it.

BUG: 387974
FIXED-IN: 18.08.0

Test Plan:
- Log in as normal user and run `sudo dolphin`: you get an error message.
- Log in as normal user and run `kdesu dolphin`: you get an error message.
- Log in as the root user and run dolphin normally: it works.

Reviewers: markg, elvisangelaccio, #dolphin

Reviewed By: markg

Subscribers: chinmoyr, cfeck, elvisangelaccio, mmustac, Fuchs, markg, graesslin, nicolasfella, zzag, kfm-devel, emmanuelp

Tags: #dolphin

Differential Revision: https://phabricator.kde.org/D12795
---
 src/main.cpp | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/main.cpp b/src/main.cpp
index db52e11..75bab67 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -43,10 +43,15 @@
 extern "C" Q_DECL_EXPORT int kdemain(int argc, char **argv)
 {
 #ifndef Q_OS_WIN
-    // Check whether we are running as root
+    // Prohibit using sudo or kdesu (but allow using the root user directly)
     if (getuid() == 0) {
-        std::cout << "Executing Dolphin as root is not possible." << std::endl;
-        return EXIT_FAILURE;
+        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
+            std::cout << "Executing Dolphin with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
+            return EXIT_FAILURE;
+        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
+            std::cout << "Executing Dolphin with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
+            return EXIT_FAILURE;
+        }
     }
 #endif
 
-- 
cgit v0.11.2