Bug 452532

Summary: kdesu stopped working in KUbuntu due to sudo's use_pty option
Product: [Frameworks and Libraries] frameworks-kdesu
Reporter: gzabdoirv
Component: general
Assignee: Fabian Vogt <fabian>
Status: RESOLVED FIXED
Severity: critical
CC: a.samirh78, andrius, boaz.dodin, draugr, eeickmeyer, fabian, fratellitech, golgeadada, katyaberezyaka, kubry, nate, p.r.worrall, pallaswept, rikmills, rrsriram, solwilliams, tdhj744ra03u, woshilinmanfu+kde, xmichael, xqqy189, xxasdqwe
Priority: VHI    
Version: 5.92.0   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
See Also: https://bugs.kde.org/show_bug.cgi?id=396767
Version Fixed In: 5.109

Description gzabdoirv 2022-04-12 03:15:15 UTC
STEPS TO REPRODUCE
1. use kdesu
2. enter root password 
3. enter either password or user password

OBSERVED RESULT
Kdesu was working fine before updating from Ubuntu 20.04 to 22.04. Now it complains "The action you requested needs root privileges. Please enter root's password below or click Ignore to continue with your current privileges." and asks for another password.

EXPECTED RESULT
krusader or any app should run as root
They do fine when run from the CLI as root using kdesu, but not from another user, for which it errors with "org.kde.kdesu: Daemon not safe (not sgid), not using it." I tried to `chmod g+s` both the `which kdesu` and the symlinked target with no success.

ADDITIONAL INFORMATION
Have tried methods here: 
https://unix.stackexchange.com/questions/463352/how-to-run-kde-partition-manager-with-no-root-password-set
which point to:
https://wiki.archlinux.org/title/sudo#kdesu
which worked before, but don't now even after reapplying them.
Comment 1 Andrius Štikonas 2022-04-12 18:26:04 UTC
Note that if you are trying to run kdesu partitionmanager it will likely not work as partition manager now runs as unprivileged user and starts a small helper daemon that runs as root and authorization is handled via polkit. So in this case running "partitionmanager" should be sufficient.

Multiple password requests in partitionmanager was a bug which is fixed in 22.04.0.
Comment 2 Erich Eickmeyer 2022-04-25 15:00:30 UTC
We have been noticing this behavior on Ubuntu for a few months, but the blame was being passed to pkexec, not realizing that when, for instance, discover launches software-properties-qt that it uses kdesu to do so. 

We have an open downstream bug report at https://launchpad.net/bugs/1965439
Comment 3 Ahmad Samir 2022-05-04 20:45:48 UTC
The daemon is kdesud, which is typically installed in /usr/libexec.
Comment 4 Erich Eickmeyer 2022-05-04 21:13:58 UTC
(In reply to Ahmad Samir from comment #3)
> The daemon is kdesud, which is typically installed in /usr/libexec.

That's true on Arch systems, but not Debian/Ubuntu. It's just one way, not the only way.
Comment 5 Ahmad Samir 2022-05-04 21:59:46 UTC
The keyword is "libexec" dir, I know distros have different configurations for the FHS stuff.
Comment 6 Rik Mills 2022-05-06 16:58:21 UTC
Confirmed on KDE Neon preliminary 22.04 Jammy builds.

Possibly some change in latest pam/sudo found in 22.04 has triggered the issue?
Comment 7 Ahmad Samir 2022-05-06 17:45:41 UTC
To clarify things, does kdesud have the setgid bit set?
Comment 8 Rik Mills 2022-05-06 18:02:07 UTC
(In reply to Ahmad Samir from comment #7)
> To clarify things, does kdesud have the setgid bit set?

No, but this has not been set or required in _any_ previous release for kdesu to work just fine.

Furthermore, setting that on a 22.04 system does not in any way change the behaviour or result. kdesu is still borked.
Comment 9 Ahmad Samir 2022-05-06 18:06:38 UTC
kdesu can work without the kdesud daemon, but for it to use the kdesud daemon it must be setgid, that has been the case for a long time...
Comment 10 Rik Mills 2022-05-06 18:10:49 UTC
That is clearly not relevant to the case here, as it worked before without, and NOW does not work with OR without
Comment 11 Rik Mills 2022-05-13 08:39:17 UTC
Seems to be due to (or triggered by) this change in sudo config by Debian:

https://salsa.debian.org/sudo-team/sudo/-/commit/59db341d46aa4c26b54c1270e69f2562e7f3d751
Comment 12 Rik Mills 2022-05-15 09:37:18 UTC
Now the question is, is this something that KDE wants to fix in kdesu? Or will distros who ship a sudoers config with 'Defaults use_pty' have to exclude that from applying to kdesu?
Comment 13 Erich Eickmeyer 2022-05-15 12:41:12 UTC
My 2c is this is something that KDE *should* fix in kdesu because it means that kdesu has been taking advantage of an exploit in sudo for years, perhaps decades. Basically, it's the same mechanism that the CVE exploits, and that's not a good thing. To use a security hole for functionality's sake, even if unknown at the time, is generally bad practice.
Comment 14 Nate Graham 2022-05-19 17:30:11 UTC
*** Bug 454019 has been marked as a duplicate of this bug. ***
Comment 15 Nate Graham 2022-05-19 17:31:31 UTC
*** Bug 453004 has been marked as a duplicate of this bug. ***
Comment 16 Nate Graham 2022-05-19 17:31:33 UTC
*** Bug 452346 has been marked as a duplicate of this bug. ***
Comment 17 Matthew Forrester 2022-05-30 03:08:16 UTC
The Debian maintainer suggested altering the kdesu package to make kdesu use the workaround: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011624#10

I do not know how bad a security hole that would be.
Comment 18 Ahmad Samir 2022-05-30 10:12:01 UTC
(In reply to Matthew Forrester from comment #17)
> The Debian maintainer suggested altering the kdesu package to make kdesu use
> the workaround: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011624#10
> 
> I do not know how bad a security hole that would be.

https://salsa.debian.org/sudo-team/sudo/-/commit/59db341d46aa4c26b54c1270e69f2562e7f3d751

sudo (1.9.5p2-3) unstable; urgency=medium

  We have added "Defaults use_pty" to the default configuration. This fixes
  CVE-2005-4890 which has been lingering around for more then a decade.
  If you would like the old behavior back, please remove the respective line
  from /etc/sudoers.


Let me preface this with stating that I am not an expert on security; however I would say that kdesu should not ship a /etc/sudoers.d/kdesu file with "Defaults!/usr/lib/*/libexec/kf5/kdesu_stub !use_pty" (mentioned in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011624#10) to circumvent a sudo setting/option.

That sounds like a local hack, you could do it on your own system if you think it doesn't matter, but we can't force it on everyone else's systems. (And if it doesn't matter or not important, why was that setting enabled by default in sudoers in Debian?).
Comment 19 xxasdqwe 2023-01-18 00:52:59 UTC
I was able to fix or work around this issue with one command using `xhost` plus either `+` or a more specific argument (see last link below).

I don't know the consequences of this fix or how it works, but it does. The problem started happening with a recent do-release-upgrade from 20.04 to 22.04. A VM made from a fresh install of 22.04 does not have this problem and the recent kdesu updates for Kate and Dolphin work fine to use root.

https://askubuntu.com/questions/1044354/kdesu-not-working

https://bugs.kde.org/show_bug.cgi?id=452532 "kdesu stopped working in KUbuntu due to sudo's use_pty option"

https://unix.stackexchange.com/questions/557823/centos8-run-gtk-program-under-sudo-privileges-cannot-open-display-0
Comment 20 pallaswept 2023-08-02 02:27:58 UTC
This is also breaking kdesu and thus YaST, on OpenSuSE.

I discovered this when trying to run Yast software management, I'd get a bouncing icon and then nothing.

Running the program from the CLI returns the following:

> /usr/lib/YaST2/bin/sw_single_wrapper
Don't need password!!

kf.su: [ /home/abuild/rpmbuild/BUILD/kdesu-5.108.0/src/stubprocess.cpp : 215 ]  Unknown request: "ok"

I have run 
kwriteconfig5 --file kdesurc --group super-user-command --key super-user-command sudo 
so that kdesu will use sudo rather than su, so that sudoers will be respected by KDE.
KDE frameworks got an update around the same time as this change rolled out, so the natural thought was that kdesu was broken, but it turns out to be this option.

Running 
echo 'Defaults !use_pty' | sudo tee -a /etc/sudoers 
and then repeating the above instantly fixes it:

> /usr/lib/YaST2/bin/sw_single_wrapper
Don't need password!!

and the GUI appears and works as intended.

This option has been enabled for security reasons and accordingly kdesu needs to be updated to handle the new default behaviour securely, rather than a workaround that amounts to disabling the security measure.
Comment 21 pallaswept 2023-08-02 02:36:56 UTC
BTW, I've cross-referenced these issues to the original issue at sudo's github: https://github.com/sudo-project/sudo/issues/258
Thought someone ought to leave that link here somewhere :)

I also just noticed this was reported a year and two months ago. This being a security hole in KDE, perhaps it ought to be bumped up the priority list a little?
Comment 22 Fabian Vogt 2023-08-02 07:49:19 UTC
Please give https://invent.kde.org/frameworks/kdesu/-/merge_requests/30 a try.
Comment 23 pallaswept 2023-08-03 17:16:42 UTC
(In reply to Fabian Vogt from comment #22)
> Please give https://invent.kde.org/frameworks/kdesu/-/merge_requests/30 a
> try.

Thanks for the patch, Fabian!

Is there a CI artifact of the binary, or build instructions, so we can try it? The only artifact I saw was a test result.
Comment 24 Fabian Vogt 2023-08-03 17:53:44 UTC
(In reply to pallaswept from comment #23)
> (In reply to Fabian Vogt from comment #22)
> > Please give https://invent.kde.org/frameworks/kdesu/-/merge_requests/30 a
> > try.
> 
> Thanks for the patch, Fabian!
> 
> Is there a CI artifact of the binary, or build instructions, so we can try
> it? The only artifact I saw was a test result.

Not there, but if you're using openSUSE Tumbleweed you can try the package from https://build.opensuse.org/package/show/home:Vogtinator:kde452532/kdesu
Comment 25 pallaswept 2023-08-03 19:02:18 UTC
(In reply to Fabian Vogt from comment #24)
> (In reply to pallaswept from comment #23)
> > (In reply to Fabian Vogt from comment #22)
> > > Please give https://invent.kde.org/frameworks/kdesu/-/merge_requests/30 a
> > > try.
> > 
> > Thanks for the patch, Fabian!
> > 
> > Is there a CI artifact of the binary, or build instructions, so we can try
> > it? The only artifact I saw was a test result.
> 
> Not there, but if you're using openSUSE Tumbleweed you can try the package
> from https://build.opensuse.org/package/show/home:Vogtinator:kde452532/kdesu

I am in fact, but I'm afraid that your repo is only publishing the src package, so I can't actually install from there.
Comment 26 Fabian Vogt 2023-08-03 19:04:35 UTC
(In reply to pallaswept from comment #25)
> (In reply to Fabian Vogt from comment #24)
> > (In reply to pallaswept from comment #23)
> > > (In reply to Fabian Vogt from comment #22)
> > > > Please give https://invent.kde.org/frameworks/kdesu/-/merge_requests/30 a
> > > > try.
> > > 
> > > Thanks for the patch, Fabian!
> > > 
> > > Is there a CI artifact of the binary, or build instructions, so we can try
> > > it? The only artifact I saw was a test result.
> > 
> > Not there, but if you're using openSUSE Tumbleweed you can try the package
> > from https://build.opensuse.org/package/show/home:Vogtinator:kde452532/kdesu
> 
> I am in fact, but I'm afraid that your repo is only publishing the src
> package, so I can't actually install from there.

The binary package is called libKF5Su5, which apparently confuses the Web UI. You can download it manually: https://download.opensuse.org/repositories/home:/Vogtinator:/kde452532/openSUSE_Factory/x86_64/
Comment 27 pallaswept 2023-08-03 19:13:38 UTC
(In reply to Fabian Vogt from comment #26)
> (In reply to pallaswept from comment #25)
> > (In reply to Fabian Vogt from comment #24)
> > > (In reply to pallaswept from comment #23)
> > > > (In reply to Fabian Vogt from comment #22)
> > > > > Please give https://invent.kde.org/frameworks/kdesu/-/merge_requests/30 a
> > > > > try.
> > > > 
> > > > Thanks for the patch, Fabian!
> > > > 
> > > > Is there a CI artifact of the binary, or build instructions, so we can try
> > > > it? The only artifact I saw was a test result.
> > > 
> > > Not there, but if you're using openSUSE Tumbleweed you can try the package
> > > from https://build.opensuse.org/package/show/home:Vogtinator:kde452532/kdesu
> > 
> > I am in fact, but I'm afraid that your repo is only publishing the src
> > package, so I can't actually install from there.
> 
> The binary package is called libKF5Su5, which apparently confuses the Web
> UI. You can download it manually:
> https://download.opensuse.org/repositories/home:/Vogtinator:/kde452532/openSUSE_Factory/x86_64/

I couldn't figure out from the spec file why it was only showing the src package, as you say I guess the web UI was confused... Thanks for the workaround.

Confirmed your patch works, thank you sir!
Comment 28 Fabian Vogt 2023-08-04 13:04:20 UTC
Git commit 732dd812d67c7fa62bd187c1171950ca85259b0b by Fabian Vogt.
Committed on 04/08/2023 at 15:04.
Pushed by fvogt into branch 'master'.

SuProcess: Disable echo in the PTY before starting sudo

Recent versions of sudo have use_pty enabled by default, which means that sudo
creates a PTY for starting the user process inside after successful
authentication. This PTY inherits the configuration of sudo's TTY, but later
changes are not transferred. Make sure that echo is already disabled when sudo
is started, as disabling it later has no effect on the nested PTY.

M  +4    -0    src/suprocess.cpp

https://invent.kde.org/frameworks/kdesu/-/commit/732dd812d67c7fa62bd187c1171950ca85259b0b
Comment 29 Fabian Vogt 2023-08-04 13:07:43 UTC
Git commit 70ce587226206cd43122e51ec1220a503e267436 by Fabian Vogt.
Committed on 04/08/2023 at 15:07.
Pushed by fvogt into branch 'kf5'.

SuProcess: Disable echo in the PTY before starting sudo

Recent versions of sudo have use_pty enabled by default, which means that sudo
creates a PTY for starting the user process inside after successful
authentication. This PTY inherits the configuration of sudo's TTY, but later
changes are not transferred. Make sure that echo is already disabled when sudo
is started, as disabling it later has no effect on the nested PTY.
(cherry picked from commit 732dd812d67c7fa62bd187c1171950ca85259b0b)

M  +4    -0    src/suprocess.cpp

https://invent.kde.org/frameworks/kdesu/-/commit/70ce587226206cd43122e51ec1220a503e267436
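The effect described in the commit message above, as an added example that is not kdesu's or sudo's code. It assumes the nested PTY can be modelled as a one-time copy of the outer terminal's termios settings, uses Linux-specific PTY setup, and writes a constructed secret (`hunter2`).

```c
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <termios.h>
#include <unistd.h>

/* Added example, Linux-specific. Opens a PTY pair; returns 0 on success. */
static int open_pty(int *master, int *slave) {
    int unlock = 0; unsigned int n; char path[32];
    *master = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (*master < 0 || ioctl(*master, TIOCSPTLCK, &unlock) < 0 ||
        ioctl(*master, TIOCGPTN, &n) < 0) return -1;
    snprintf(path, sizeof path, "/dev/pts/%u", n);
    return (*slave = open(path, O_RDWR | O_NOCTTY)) < 0 ? -1 : 0;
}

static int disable_echo(int fd) {
    struct termios t;
    if (tcgetattr(fd, &t) < 0) return -1;
    t.c_lflag &= ~(tcflag_t)ECHO;
    return tcsetattr(fd, TCSANOW, &t);
}

/* Nothing writes to the slave, so bytes readable on the master are echo. */
static int secret_echoed(int master) {
    char buf[64]; struct pollfd p = { .fd = master, .events = POLLIN };
    if (write(master, "hunter2\n", 8) < 0) return -1;  /* constructed secret */
    if (poll(&p, 1, 500) <= 0) return 0;               /* silence: no echo */
    return read(master, buf, sizeof buf) > 0;
}

/* late=0: ECHO cleared before the settings are copied; late=1: only after. */
int password_leaks(int late) {
    int om, os, nm, ns, r; struct termios t;
    if (open_pty(&om, &os) < 0 || open_pty(&nm, &ns) < 0) return -1;
    if (!late) disable_echo(os);
    /* Assumed model of the nested PTY: one-time copy of the outer settings. */
    tcgetattr(os, &t); tcsetattr(ns, TCSANOW, &t);
    if (late) disable_echo(os);   /* too late: the copy was already taken */
    r = secret_echoed(nm);
    close(om); close(os); close(nm); close(ns);
    return r;
}

int main(void) {
    printf("late: %d, early: %d\n", password_leaks(1), password_leaks(0));
    return 0;
}
```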
Comment 30 Ardith Metz 2023-08-12 20:18:14 UTC
Just a post-mortem note: this issue in kdesu was originally reported in 2018 (with a hint someday use_pty becomes the default): https://bugs.kde.org/show_bug.cgi?id=396767 for which the only action taken was autoclose after 5 years of inactivity :)

I laughed a bit seeing it here with critical importance. Nevertheless I'm glad it's finally fixed.
Comment 31 pallaswept 2023-08-22 08:51:14 UTC
Today kdesu 5.109 rolled out of OpenSuSE Tumbleweed's official repos, 109 is the one with the patches, and I can confirm it works, so we can go back to vanilla repos. Thanks again voginator!!