Bug 115898 - kdesu's sudo handling fundamentally broken
Summary: kdesu's sudo handling fundamentally broken
Status: CONFIRMED
Alias: None
Product: kdesu
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: openSUSE Linux
: NOR normal
Target Milestone: ---
Assignee: kdesu bugs tracker
URL:
Keywords:
: 136894 140646 143168 144281 157276 195127 (view as bug list)
Depends on:
Blocks:
 
Reported: 2005-11-08 08:38 UTC by Misha Aizatulin
Modified: 2017-06-02 19:29 UTC (History)
12 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Misha Aizatulin 2005-11-08 08:38:47 UTC
Version:            (using KDE KDE 3.4.2)
Installed from:    SuSE RPMs
OS:                Linux

This seems to be mentioned in 36833 in two of the messages

sometimes kdesu window won't come up:

avatar@avatar:~> kdesu -v
Qt: 3.3.4
KDE: 3.4.2 Level "b"
KDE su: 1.0
avatar@avatar:~> kdesu ls
(hangs ...)

Issuing "killall kdesud" helps.
Comment 1 René Krell 2006-01-23 14:05:30 UTC
I have absolutely the same problem already a long time, actually only in a a newer KDE version:
Qt: 3.3.5
KDE: 3.5.0 Level "a" (SuSE 10.0 unsupported)
KDE su: 1.0
The problem iccured in earlier KDE versions for me, too, at least 3.4.2.

Steps to reproduce:
- Restart Yast2 Control Center as a "normal user" more times as often as the kdesu dialog appears. Most probable it will fail sometimes. Not savely to reproduce.
Comment 2 Brandon 2006-06-02 05:34:17 UTC
i have the same problem in kubuntu, alot of times kdesu wont do anything. ill try to run a program that is supposed to pop up a kdesu box first and it doesnt nothing. it gets really annoying! i'd gladly donate money to get this bug fixed once and for all!
Comment 3 Nicolai Haehnle 2007-02-21 15:29:49 UTC
I have run into what I believe to be this bug in Kuntu Feisty betas. I have investigated, including steps to reproduce and a possible explanation of where this bug comes from:

https://launchpad.net/ubuntu/+source/kdebase/+bug/50971
Comment 4 Tommi Tervo 2007-02-21 15:45:48 UTC
*** Bug 140646 has been marked as a duplicate of this bug. ***
Comment 5 Lubos Lunak 2007-02-22 14:26:51 UTC
This should be fixed in 3.5.7.
Comment 6 Jeremy Shaw 2007-07-17 23:23:35 UTC
I backported all the patches from this branch:

http://websvn.kde.org/branches/KDE/3.5/kdebase/kdesu/kdesud/kdesud.cpp?view=log

to 3.5.6, but I still see the hang described in this bug. Are there additional patches that I need to apply?
Comment 7 Brandon 2007-07-18 02:36:03 UTC
its still there, i dont think this bug will ever get squashed. ive found out that it always works the second time though.
Comment 8 Wouter Horré 2007-07-18 11:42:15 UTC
I can confirm that this bug is still present in the kde 3.5.7 packages provided by Kubuntu 7.04.

Steps to reproduce:
* open konsole
* sudo ls (or some other command)
* close konsole
* Alt-F2 -> run: kdesu kwrite

-> no password prompt, kdesu hangs:
wouterh  32534  0.0  0.0   1712   476 ?        S    11:32   0:00  \_ /bin/sh -c kdesu kwrite
wouterh  32535  0.4  1.1  26460 12156 ?        S    11:32   0:00      \_ kdesu kwrite
root     32538  0.0  0.0   1520   324 pts/9    Ss+  11:32   0:00          \_ /usr/bin/kdesu_stub -
root     32541  0.0  0.0   2632  1024 pts/11   Ss+  11:32   0:00          \_ /usr/bin/sudo -u root /usr/bin/kdesu_stub -

An adequate description of what is happening is in:
https://bugs.launchpad.net/ubuntu/feisty/+source/kdebase/+bug/50971/comments/13
and
https://bugs.launchpad.net/ubuntu/feisty/+source/kdebase/+bug/50971/comments/14

My opinion is that is there something fundamentally broken in the way kdesu handles the sudo backend (see also bug #20914).
Comment 9 Lubos Lunak 2007-10-08 16:59:50 UTC
Reopening.
Comment 10 Chandra Sekar 2007-10-21 12:20:27 UTC
*** This bug has been confirmed by popular vote. ***
Comment 11 Shriramana Sharma 2007-12-21 10:11:40 UTC
I reported bug 143168 which seems to be very similar to, if not an actual duplicate of this bug.

I have not had this problem after upgrading to Kubuntu Gutsy, which uses the new kdesudo instead of kdesu. It was introduced in Kubuntu Gutsy Tribe 5, as seen at: https://wiki.kubuntu.org/GutsyGibbon/Tribe5/Kubuntu

The kdesudo page at kde-apps http://www.kde-apps.org/content/show.php/KdeSudo?content=72106 itself says that "KDE's normal kdesu doesn't deal correctly with sudo". And nice news is that kdesudo 2.0 was released just yesterday with package available for Hardy at http://packages.ubuntu.com/hardy/kde/kdesudo. (I already have backported it to Gutsy and installed.)

So to fix in KDE's SVN this bug and the other one which I reported, either you can merge from kdesudo's code or better still, meaning the cleaner way, just throw away kdesu and take kdesudo as an official KDE project, just like was done for Kicker (IIRC) and other code in the transit to KDE 4.

I don't see any place where a KDE GUI front-end to su is needed where having the same for sudo won't work. On the terminal, there's a difference -- su is effective over all following commands whereas sudo is only for the one command. But when opening apps with root permission (which is the main use for su/sudo) in a GUI, kdesudo will just do fine, methinks.

It would be OK with me if the other bug were marked a duplicate of this.
Comment 12 Thomas Friedrichsmeier 2007-12-21 13:25:42 UTC
*** Bug 143168 has been marked as a duplicate of this bug. ***
Comment 13 Thomas Friedrichsmeier 2007-12-21 13:43:20 UTC
Unfortunately just replacing kdesu with kdesudo will not do either. This may be a good solution in Ubuntu (esp. if it really is command-line compatible, now), but note that many other systems just do not have a read-configured sudo out of the box (but do have a working su). These two approaches just are not equivalent, and both have a reason for existing. So while the situation definitely needs to be improved, there is no trivial solution.

If you are interested in working on this, add your thoughts to http://techbase.kde.org/Projects/kdesu .
Comment 14 Shriramana Sharma 2007-12-21 15:26:26 UTC
Can you please give me some example cases where a sudo frontend won't work and only a su frontend will? I mean, apart from the "many people don't have sudo" thing. 

In effect, I am asking you the "reason for existing" of a su front-end, when a sudo front-end exists.

I also did not understand that part about "read-configured sudo".
Comment 15 Thomas Friedrichsmeier 2008-01-01 22:40:23 UTC
Sorry, "read-configured" was a typo for "ready-configured", and this is the crux about the matter: sudo needs to be configured, before it can be used. And there are two basic configuration choices:

a) Allow the user to do anything, i.e. essentially be root. kdesu already supports using sudo in this way (compilation and configuration option), and AFAIK it supports this reasonably well. However this setup pretty much defies the security advantage of sudo. And in fact I for one prefer to have a separate password for the adminstrative account, instead of making it available with the same user password. So such a setup simply can not be assumed or even enforced.

b) Fine-tuning which administrative commands the user may or may not run. Certainly the gold-standard for controlling admin privileges for not fully trusted users. However, this requires a lot of love to set up, so once again this cannot just be assumed.

sudo is not 100% "a better su". It is an entirely different approach. Ideally kdesu would support both at once, and allow the user to switch between the modes easily, if needed. Presently it's easy enough to just replace kdesu with kdesudo if that is wanted (and done in ubuntu), and if for you sudo is better on all counts, then I recommend you do so. But definitely just dropping su support, and assuming all users will be happy to use sudo instead, does not sound like a good plan.

Anyway, this is pretty OT for this bug report. Feel free to discuss further in the above mentioned wiki page or in private mail, but let's not continue this discussion in this unrelated bug report.
Comment 16 Oswald Buddenhagen 2010-11-06 17:35:55 UTC
to summarize:

- the kdesu api in kdelibs offers a mode to check whether a password will be needed and one to actually execute a command, optionally with a password. this is broken by design, because sudo will behave differently on each call due to password caching and a dependency on the controlling terminal. a proper api would use a callback to query the password on demand.
- the implementation uses a stub which receives all its parameters via stdin instead of command line arguments. this completely subverts sudo's selective authorization model.

point one cannot be fixed until kde5. point two would be fixable now.

buut ... i think the most sensible approach is simply purging the "transparent" sudo support from kdelibs (and the entire kdesu api in kde5). for the frontend implementation, the kdesudo code should be merged - it's fairly simple. alternatively, see bug 20914.
Comment 17 Oswald Buddenhagen 2010-11-06 19:09:07 UTC
*** Bug 136894 has been marked as a duplicate of this bug. ***
Comment 18 Oswald Buddenhagen 2010-11-06 20:07:14 UTC
*** Bug 144281 has been marked as a duplicate of this bug. ***
Comment 19 Oswald Buddenhagen 2010-11-06 20:37:04 UTC
*** Bug 157276 has been marked as a duplicate of this bug. ***
Comment 20 Oswald Buddenhagen 2010-11-06 22:27:01 UTC
*** Bug 195127 has been marked as a duplicate of this bug. ***
Comment 21 Oswald Buddenhagen 2010-11-07 19:43:20 UTC
hmpf. now i think that the original report is unrelated to most of the additional comments and the "duplicates" i added. it is duplicated by bug 208979 which has a useful log attached, so it can be tracked there.
Comment 22 Ralf Jung 2012-04-11 12:41:02 UTC
This sounds like exactly the problems described in https://bugs.launchpad.net/ubuntu/+source/kdebase/+bug/50971/comments/14 - and 6 years after the initial report, the sudo backend in kdesu is still not working properly.

(In reply to comment #15)
> a) Allow the user to do anything, i.e. essentially be root. kdesu already
> supports using sudo in this way (compilation and configuration option), and
> AFAIK it supports this reasonably well. However this setup pretty much
> defies the security advantage of sudo. And in fact I for one prefer to have
> a separate password for the adminstrative account, instead of making it
> available with the same user password. So such a setup simply can not be
> assumed or even enforced.
No, it does not work "reasonably well", that's just the point of the bugreport. Bug 292176 seems to be merely a symptom: Even when I do always enter the password correctly, I get errors in auth.log about incorrect login attempts. Besides, the kdesu daemon is often blocking my system from shutting down cleanly, since it is still hanging somewhere.
Unfortunately, there does not seem to be a way to use kdesudo instead - even after installing it, applications which have "Run as a different user" checked in KMenuEdit do not use kdesudo, but kdesu (which does not exist as a binary anymore, I assume it's calling something from libkdesu).
Comment 23 David Faure 2012-04-16 07:46:11 UTC
>  kdesu (which does not exist as a binary anymore...)

It does, it's under /usr/lib[64]/kde4/libexec/kdesu
Comment 24 Ralf Jung 2012-04-16 08:03:22 UTC
(In reply to comment #23)
> It does, it's under /usr/lib[64]/kde4/libexec/kdesu
Oh, sorry, I just checked the $PATH.