Bug 387973 - Allow Kate to be launched when logged in as the root user (NOT sudo'd in a user session)
Summary: Allow Kate to be launched when logged in as the root user (NOT sudo'd in a us...
Status: RESOLVED FIXED
Alias: None
Product: kate
Classification: Applications
Component: general (show other bugs)
Version: 17.08.2
Platform: Other Linux
: NOR normal
Target Milestone: ---
Assignee: KWrite Developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-12-16 23:08 UTC by Nate Graham
Modified: 2018-05-31 18:15 UTC (History)
4 users (show)

See Also:
Latest Commit:
Version Fixed In: 18.08.0
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nate Graham 2017-12-16 23:08:24 UTC
This came up in https://bugs.kde.org/show_bug.cgi?id=179678#c37

As a part of implementing PolKit support, Kate was prevented from running with root privileges via sudo, which is fine. Unfortunately, now Kate also doesn't launch when you're actually logged in as the root user. This is probably not necessary since if you're already the root user, privileges aren't really an issue anymore.

It's worth mentioning that this isn't a Wayland or PolKit restriction; GNOME's Gedit can be launched when logged in as the root user, even in a Wayland session.
Comment 1 michael 2018-02-14 15:24:12 UTC
Kate's current hard code check also fails to account for docker or SELinux restrictions that are still enforced even if you are root. For example you cann't use mount under default docker configuration. Just allowing it to be run while logged in as root be acceptable given the security concerns surrounding su usage.
Comment 2 Nate Graham 2018-05-31 18:15:53 UTC
Git commit bf6d5b7532968763bdc629aa90426c53500af13f by Nathaniel Graham.
Committed on 31/05/2018 at 18:15.
Pushed by ngraham into branch 'master'.

Re-allow running Kate and KWrite as the actual root user (but still not using sudo)

Summary:
The original change (9adcebd3c2e476c8a32e9b455cc99f46b0e12a7e) to prevent sudo usage broke the use case of running KWrite or Kate while logged in as the actual `root` user with a GUI session. This is how the Kali distro is set up by default, so the original change amounted to making Kate and KWrite not launch at all on this KDE distro.

This patch re-enables running as the actual root user, but keeps blocking usage via `sudo` or `kdesu`. There are no negative security implications associated with re-allowing usage via the root user, since if you're running a GUI session, you were already exposed to the original security threat and Kate and KWrite do not increase the attack surface.

I have submitted a similar change for Dolphin that has been accepted (D12795), but @elvisangelaccio wants that to go in at the same time as this, to keep them in sync.
FIXED-IN: 18.08.0

Test Plan:
- Log in as normal user and run `sudo kate` or `sudo kwrite`: you get an error message.
- Log in as normal user and run `kdesu kate` or `kdesu kwrite`: you get an error message.
- Log in as the root user and run Kate or KWrite normally: it works.

Reviewers: #kate, dhaumann, cullmann, #ktexteditor

Reviewed By: #kate, dhaumann, #ktexteditor

Subscribers: kwrite-devel, elvisangelaccio

Tags: #kate

Differential Revision: https://phabricator.kde.org/D13138

M  +8    -6    kate/main.cpp
M  +8    -6    kwrite/main.cpp

https://commits.kde.org/kate/bf6d5b7532968763bdc629aa90426c53500af13f