Bug 292176

Summary: kdesu hang when wrong password is entered in sudo mode.
Product: [Applications] kdesu Reporter: dE <de.techno>
Component: generalAssignee: kdesu bugs tracker <kdesu-bugs-null>
Status: RESOLVED DUPLICATE    
Severity: major CC: cfeck, faure, jpalecek, post, thomas.luebking
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Debian testing   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description dE 2012-01-22 10:15:05 UTC 
Version:           unspecified (using KDE 4.6.5) 
OS:                Linux

If kdesu is configured to use sudo - 

kwriteconfig --file kdesurc --group super-user-command --key super-user-command sudo

It hangs when the user gives the wrong password.

This can be tried while configuring the shares on the shares tab on the properties of a folder.

Reproducible: Always



Expected Results:
Comment 1 Christoph Feck 2012-01-27 22:30:55 UTC 
How long does it hang? Usually, sudo forces a delay on wrong passwords, so that you cannot do a fast password attack.
Comment 2 dE 2012-01-28 04:56:30 UTC 
(In reply to comment #1)
> How long does it hang? Usually, sudo forces a delay on wrong passwords, so that
> you cannot do a fast password attack.

It hangs forever. Sudo does the delay or PAM (defaults to 3 seconds)?

Also if I use 'kdesudo' (a Debian packages), it works fine.

It's not reproducible on your case?
Comment 3 dE 2012-02-12 04:27:57 UTC 
Can anyone else reproduce this?
Comment 4 dE 2012-02-16 05:04:06 UTC 
I've started to get a feeling that this's a Debian problem.
Comment 5 dE 2012-02-18 11:51:52 UTC 
No, this's a KDE issue. It's reproducible on Gentoo with kde 4.7
Comment 6 Thomas Lübking 2012-02-19 14:40:35 UTC 
apparently hangs here:
#0  0xb7738424 in __kernel_vsyscall ()
#1  0xb621a85b in read () from /lib/libpthread.so.0
#2  0xb72a969a in KDESu::PtyProcess::readAll(bool) () from /usr/lib/libkdesu.so.5
#3  0xb72a9d4f in KDESu::PtyProcess::readLine(bool) () from /usr/lib/libkdesu.so.5
#4  0xb72af93b in KDESu::SuProcess::ConverseSU(char const*) () from /usr/lib/libkdesu.so.5
#5  0xb72b051b in KDESu::SuProcess::exec(char const*, int) () from /usr/lib/libkdesu.so.5
#6  0xb72b145b in KDESu::SuProcess::checkInstall(char const*) () from /usr/lib/libkdesu.so.5
Comment 7 Thomas Lübking 2012-02-19 14:41:20 UTC 
since this is not a kwin bug i should not remove myself from CC ... *sigh*
Comment 8 Thomas Lübking 2012-02-19 14:41:41 UTC 
... unbelievable ...
Comment 9 Thomas Lübking 2012-02-19 15:06:44 UTC 
... and it continues once the passwd_tries (visudo setting) have failed, so readLine / readAll just is wrong since there's no EOL before that happened.
Comment 10 dE 2012-02-25 07:30:02 UTC 
Can there be any workarounds for this?
Comment 11 Thomas Lübking 2012-02-25 14:26:44 UTC 
(In reply to comment #10)
> Can there be any workarounds for this?

Only by setting passwd_tries to one for that account (but that also covers textshell usage)

The problem afaics (i don't develop ksudo) is that sudo will probably return an EINTR errno until it's done to keep terminal stuff alive.

Best solution i can think of is a sudo runtime switch to set  passwd_tries to min(passwd_tries, switch) so you could use "sudo -passwd_tries 1" as backend.
Comment 12 dE 2012-02-28 04:47:08 UTC 
Thanks for the temporary fix!

Actually, considering this, this's not a bug. It can be stated that by design -passwd_tries 1 is used
Comment 13 Thomas Lübking 2012-02-28 07:48:56 UTC 
NOTICE:
there is NO such runtime flag, at least not on my sudo.
You can ONLY configure this in visudo.
I only suggested such flag could help.
Passing this as kdesu backend command will actually alter the prompt - i've not tried if -as a side effect- this somehow helps kdesu.
Comment 14 dE 2012-02-28 15:26:16 UTC 
We need to wait for the kdesu dev.

Thanks for the tip!
Comment 15 dE 2012-03-03 06:07:00 UTC 
Changing priority to major -- this hinders usability.
Comment 16 Oswald Buddenhagen 2012-03-03 10:04:32 UTC 
i'm tempted to simply close this as a duplicate of bug 115898. kdesu was not designed to work with sudo, so any problems arising from this misguided re-purposing are out of scope by definition. you should be using kdesudo instead. patches are welcome, though. ;)
Comment 17 dE 2012-03-04 03:43:12 UTC 
(In reply to comment #16)
> i'm tempted to simply close this as a duplicate of bug 115898. kdesu was not
> designed to work with sudo, so any problems arising from this misguided
> re-purposing are out of scope by definition. you should be using kdesudo
> instead. patches are welcome, though. ;)

But according to the docs, it's designed - 

http://techbase.kde.org/Projects/kdesu#sudo

How can I use kdesudo in kdeapps which use kdesu libraries? This is a problem in Debian; it doesnt even have a binary named kdesu.

I'm not a dev.
Comment 18 Thomas Lübking 2012-03-04 06:40:04 UTC 
ls /usr/lib/kde4/libexec/kdesu*
might be lib64 in your case - i'm however not sure whether you can just replace the binaries to have applications invoke kdesudo instead of kdesu.
For the "run krusader as root" case you could just alter the desktop service file.

*cough* The provided link btw. also points the various issues regarding the sudo invocation *cough*
Comment 19 Oswald Buddenhagen 2012-03-04 09:36:07 UTC 
(In reply to comment #17)
> I'm not a dev.
>
yes, it shows.
what you called "the docs" is in fact a "what's wrong with it" list.
Comment 20 dE 2012-03-04 15:42:57 UTC 
In that case, this bug should be closed as duplicate.

Also, -passwd_tries 1 does not work, the sudo configs have to be altered to just have 1 attempt.
Comment 21 Ralf Jung 2012-04-11 12:35:01 UTC 
I am also plagued by this bug, and it even made me set a root password, which IMHO is nothing but an unnecessary potential security problem.

> you should be using kdesudo instead.
How can we make KDE sue kdesudo for applications like KSystemLog or Synaptic, which have the "run as different user" option checked in KMenuEdit?
Comment 22 dE 2012-04-12 07:50:52 UTC 
Dont use run as a different user, set the command to kdesudo <command>.
Comment 23 Ralf Jung 2012-04-12 09:04:33 UTC 
Ah, that works, thanks.
It's a bit inconvenient though since I need to change each item which needs root to run manually. Some central switch would be better, but I guess that can't work since kdesudo is not even part of the SC.
Comment 24 dE 2012-04-12 13:42:31 UTC 
I was wondering if there's any way to sync the root's and user's password.
Comment 25 Andrew Crouthamel 2018-11-10 03:19:21 UTC 
Dear Bug Submitter,

This bug has been stagnant for a long time. Could you help us out and re-test if the bug is valid in the latest version? I am setting the status to NEEDSINFO pending your response, please change the Status back to REPORTED when you respond.

Thank you for helping us make KDE software even better for everyone!
Comment 26 Andrew Crouthamel 2018-11-20 04:07:45 UTC 
Dear Bug Submitter,

This is a reminder that this bug has been stagnant for a long time. Could you help us out and re-test if the bug is valid in the latest version? This bug will be moved back to REPORTED Status for manual review later, which may take a while. If you are able to, please lend us a hand.

Thank you for helping us make KDE software even better for everyone!
Comment 27 Jiri Palecek 2019-02-05 02:12:58 UTC 

*** This bug has been marked as a duplicate of bug 389049 ***