
Thread: Executing Dolphin as root is not possible.

  1. #141

    Re: Executing Dolphin as root is not possible.

    I just used luckybackup, ...as superuser, ...because it works much better as superuser than as user, ...will this kind of software also be affected by the non possibility to use it as root in graphical mode???
    Last edited by pier_andreit; 24-Apr-2017 at 06:20. Reason: also

  2. #142

    AW: Executing Dolphin as root is not possible.

    Originally posted by hcvv:
    > It is OK when you think you can handle that, but it should not be posted without comment for others who read this and can come to the wrong conclusions.

    Yes, indeed! I fully agree with you on that.

    My setup definitely must not be used in any production environment and I do not recommend to anyone to use it at all!

    However considering this

    Originally posted by wolfi323:
    > I'd like to note that this check for running dolphin as root has been *removed* (i.e. patched out) in openSUSE's package meanwhile.
    >
    > That means that it is possible to run dolphin as root again if using KDE:Applications, and it will continue to be possible in Leap 42.3 and Tumbleweed (even after 17.04.0 hits the repos).

    and all the rest of the discussion we had here I still believe that my setup is helpful (and usable; at least nobody here proved the opposite so far) in order to see where KDE is going (remember: Only for testing! No production.).

    It would have been quite embarrassing to me if - with the next release of openSUSE - the users I support had been hit by a change like the one we have been discussing in this thread (and me not being aware of it).

    Regards

    susejunky

  3. #143

    Re: Executing Dolphin as root is not possible.

    Originally posted by wolfi323:
    > But for security, it doesn't matter much what "people would want". Security is most often (if not always) the opposite of "freedom".
    >
    > If an application runs as root, any other application it starts runs as root as well, yes, and actually *anything* it does is done with root privileges. (without any need to switch to root or enter a password again)
    >
    > That is one part of the security "problems".

    Thanks for the clarity Wolfi.

    Personally I see this as a perceived security problem rather than an actually proven one but that will depend on the user that is using a desktop this way. Why - I came across an issue with cifs. It turned out that one aspect had been removed due to questions about security rather than fact. The reasons for the change initially posted might be due to someone inventing something and calling it dbus. Elsewhere it looks to me that the rest of the system makes a lot of use of ports. Something usually associated with networks. KDE and others may do too. What's different?

    If this is the case maybe the solution is to hang an open and edit link as root to right clicks from a file browser. Whatever level that is done at, though, the editor is highly unlikely to do the entire job. Some services will pass keyboard actions, mouse actions if it uses one and yet another will render. Any sort of auto complete highlight etc adds complications. This would limit damage though, as an editor just does that: edits. This wouldn't fit in with one password - copying windows. That would need a different class of user who happened to have an editor that can run as root.

    The aspect is probably security vulnerabilities in code. The way hackers usually get in, generally at rather low levels in the network area. Another aspect is rogue code. That is usually contained by controlling what software is installed. Even what updates are applied and maybe even when they are applied. It needn't be as soon as they come out.

    Then comes security from local and vpn users. Passwords can be seen being typed. Adding odd characters doesn't help with that aspect. In fact it makes spotting what is being typed easier. Fingerprint readers don't seem to be very popular. The ancient mantra, use a phrase is far better and never mentioned.

    Someone might like to note that I have seldom been on a soapbox in this thread - just trying to explain why some things develop as they do. I notice because my software background has nearly always required a very structured approach even before any is written. That doesn't mean that there won't be any changes on the way though. Nobody is perfect.

    John
    -
    Leap 42.2 KDE 5.26
    3.6gig Xeon, 64bit SATA Raid home - Linux Raid 1
    All software on a flash drive, SATA swap & Temp files,

  4. #144

    Re: Executing Dolphin as root is not possible.

    Originally posted by pier_andreit:
    > I just used luckybackup, ...as superuser, ...because it works much better as superuser than as user, ...will this kind of software also be affected by the non possibility to use it as root in graphical mode???

    What are you talking about now?
    There is no general "non possibility to use applications as root in graphical mode" currently, and I am not aware of any plans to change that.

    The KDE developers decided to make kate/kwrite and dolphin explicitly refuse to run as root for reasons I already tried to explain.
    Read this for further explanations:
    https://cgit.kde.org/kate.git/commit...c99f46b0e12a7e
    https://blog.martin-graesslin.com/bl...files-as-root/

    Btw, this is what started it: http://permalink.gmane.org/gmane.com...evel.kfm/17095 (read the quoted mail, I don't find the original)
    The README of the mentioned exploit (that I already described here):
    This exploit demonstrates how one can exploit a root run application connected to the same X server.
    The exploit waits for a dolphin to be opened, checks whether it's run as root. If it is the exploit
    starts sending key events to the dolphin window using the XTest extension (note: this would also
    work with xcb_send_event). First an "F4" to open the embedded Konsole followed by a "whoami" to
    demonstrate that we are able to execute commands as root.

    == How to build?

    mkdir build
    cd build
    cmake ../
    make

    == How to execute?

    ./exploit

    == How to use the exploit?

    Run:
    kdesudo dolphin

    == How do I notice it worked?

    Konsole tab is opened and one can see:
    $root# whoami
    $root

    I don't know whether the developers of luckybackup would consider doing something like that in the future or not, but it's up to them.

    I'd like to clarify one thing though, about Wayland that I mentioned (because I somehow think you are referring to that now):
    It's not actively being prevented by Wayland to start X applications as root in a Wayland user session.
    It's just not working currently out of the box. There is a workaround to make it possible, see the bug report I mentioned.
    And as I understand it, it's likely that this will get "fixed" at some point in the future.
    Last edited by wolfi323; 24-Apr-2017 at 07:56.
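
An audit check for the situation the README above describes (a root-run application connected to the user's X server), as an added example that is not part of the original thread: it lists processes with effective UID 0 whose environment carries DISPLAY. The function names, the `proc_root` parameter and the sample tree are assumptions made for this illustration.

```python
import os


def root_x_clients(proc_root="/proc"):
    """Return sorted [(pid, name, display)] for processes with effective UID 0
    that were started with DISPLAY set (candidates, not proof of an X connection)."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():          # skip non-PID entries such as "self"
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "status"), errors="replace") as fh:
                status = dict(line.split(":", 1) for line in fh if ":" in line)
            with open(os.path.join(base, "environ"), "rb") as fh:
                env = fh.read().split(b"\0")
        except OSError:
            # Process exited meanwhile, or environ is unreadable without root.
            continue
        # "Uid:" lists real, effective, saved and filesystem UID; index 1 is effective.
        uids = status.get("Uid", "").split()
        if len(uids) < 2 or uids[1] != "0":
            continue
        display = next((v[8:].decode(errors="replace")
                        for v in env if v.startswith(b"DISPLAY=")), None)
        if display:
            hits.append((int(entry), status.get("Name", "?").strip(), display))
    return sorted(hits)


def make_sample_proc(root):
    """Write a constructed /proc-like tree (not real data) under an existing dir."""
    sample = {
        "4101": ("dolphin", 0, b"DISPLAY=:0\0HOME=/root\0"),          # root GUI app
        "4102": ("kate", 1000, b"DISPLAY=:0\0HOME=/home/user\0"),     # normal user app
        "812": ("sshd", 0, b"PATH=/usr/sbin\0"),                      # root, no DISPLAY
    }
    for pid, (name, euid, env) in sample.items():
        os.makedirs(os.path.join(root, pid))
        with open(os.path.join(root, pid, "status"), "w") as fh:
            fh.write(f"Name:\t{name}\nUid:\t{euid}\t{euid}\t{euid}\t{euid}\n")
        with open(os.path.join(root, pid, "environ"), "wb") as fh:
            fh.write(env)
    return root


if __name__ == "__main__":
    for pid, name, display in root_x_clients():
        print(f"{pid}\t{name}\tDISPLAY={display}")
```

The environ file only reflects the environment a process was started with, so a root process that was given its display some other way is not listed.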

  5. #145

    Re: Executing Dolphin as root is not possible.

    Originally posted by susejunky:
    > However considering this and all the rest of the discussion we had here I still believe that my setup is helpful (and usable; at least nobody here proved the opposite so far) in order to see where KDE is going (remember: Only for testing! No production.).

    I didn't say that your setup is not usable.
    I just wrote that you normally should not use "zypper dup" to update your system...

    Regarding the KDE repos, it should suffice to switch to them *once* (via "zypper dup", maybe in combination of "--from").
    Then you can just run "zypper up" to keep the system up-to-date.

    And there are no intentions to split the repos up further in any way. The current setup has been created with the switch to KF5, and reflects KDE's release process.

    This discussion here has in no way influenced the openSUSE KDE team's decision though.
    And we were well aware of this upstream KDE decision way before this thread, as links I posted show.

  6. #146

    Re: Executing Dolphin as root is not possible.

    PS: It has been mentioned before here, but I'd like to again.

    It is quite easy to avoid running dolphin or kate/kwrite as root and still be able to access system files/directories.
    Just type something like "sftp://root@localhost" into dolphin's address field, or the "Open file" dialog.

  7. #147

    Re: Executing Dolphin as root is not possible.

    Oh, and I forgot to mention, mainly directed @susejunky:
    KDE:Frameworks5 is fully published meanwhile, so you should be able to install dolphin 17.04.0 now without conflicts.

  8. #148

    AW: Re: Executing Dolphin as root is not possible.

    Originally posted by wolfi323:
    > I didn't say that your setup is not usable.
    > I just wrote that you normally should not use "zypper dup" to update your system...

    What I wanted to express is that I readily will change my setup as soon as someone proposes a better one (apart from Tumbleweed) which will help to achieve my goal. It wasn't my intention at all to put any blame on you. I'm no native English speaker so I may sound rude/clumsy sometimes. Please accept my apologies.

    Originally posted by wolfi323:
    > Regarding the KDE repos, it should suffice to switch to them *once* (via "zypper dup", maybe in combination of "--from").
    > Then you can just run "zypper up" to keep the system up-to-date.

    Thank you for this hint. Just for my understanding: What would have happened if I had used "zypper up" while publishing was still disabled for KDE:Frameworks5 and the repo contained a mixture of 5.32.0 and 5.33.0? Which version of dolphin would I have ended up with in that situation?

    Originally posted by wolfi323:
    > And there are no intentions to split the repos up further in any way. The current setup has been created with the switch to KF5, and reflects KDE's release process.

    All I wanted to say is that it is quite hard for me to find out how the KDE repository structure works (and to keep track of any changes). If you could point me to more information on this topic I would be very pleased. So again: Please accept my apologies if I sounded like "finger-pointing".

    Originally posted by wolfi323:
    > This discussion here has in no way influenced the openSUSE KDE team's decision though.
    > And we were well aware of this upstream KDE decision way before this thread, as links I posted show.

    No doubt about this!

    I can't tell by whom or when or why the decision was made to patch out the discussed behavior from dolphin even in openSUSE 42.3. But I welcome this decision very much!

    Regards

    susejunky

  9. #149

    Re: Executing Dolphin as root is not possible.

    Originally posted by susejunky:
    > What I wanted to express is that I readily will change my setup as soon as someone proposes a better one (apart from Tumbleweed) which will help to achieve my goal. It wasn't my intention at all to put any blame on you. I'm no native English speaker so I may sound rude/clumsy sometimes. Please accept my apologies.

    No need to apologize here.
    Actually I forgot to add a smiley in my reply...

    Oh, and I'm no native English speaker either.
    I'm sure there are times when my wording could be better too, or I may just misunderstand things because of that.

    > Thank you for this hint. Just for my understanding: What would have happened if I had used "zypper up" while publishing was still disabled for KDE:Frameworks5 and the repo contained a mixture of 5.32.0 and 5.33.0? Which version of dolphin would I have ended up with in that situation?

    "zypper up" would just not have installed the latest package in KDE:Applications (because of the conflict), and kept the previous one instead.

    "zypper dup" OTOH is designed to upgrade the whole distribution to a different version, it isn't really concerned about only doing package updates.
    Simply put, it just installs the highest version of each package that it can find in *any* configured repository. It will also happily *down*grade a package if only lower versions exist or to avoid conflicts.
    Or, to express it differently, it has a different scope. It looks at the installation as whole, and tries to sync it to the current set of repos.
    "zypper up" OTOH, looks at each package separately and tries to update it if there is a newer version in the same repo.

    > All I wanted to say is that it is quite hard for me to find out how the KDE repository structure works (and to keep track of any changes). If you could point me to more information on this topic I would be very pleased.

    We basically have these KDE repos:
    - KDE:Qt5: that contains the latest stable Qt5 release, and there's KDE:Qt for the latest stable Qt4 release. There are also KDE:Qt5X repos that contain unstable 5.X git snapshots, but I wouldn't recommend to use them.
    - KDE:Frameworks5: the latest KDE Frameworks 5 (KDE's libraries) and Plasma5 packages
    - KDE:Applications: the latest software from the upstream "KDE Applications" releases
    - KDE:Extra: latest versions of other KDE applications (that are not officially part of "KDE Applications" upstream, they have their own, independent release cycle), and also additional packages that are not included in Tumbleweed.
    All of the above are actually development projects for Tumbleweed, their main purpose is to package the latest versions and submit them to Factory/Tumbleweed. Offering them for openSUSE Leap releases is more or less a "bonus".

    Then there are also KDE:UnstableXX variants of the latter 3 that contain unstable git snapshots.
    If you'd want to use those, you'd need to combine the unstable ones though, i.e. KUF, KUA, KUE, KDE:Qt58.
    (in case you wonder, these are the abbreviations we use: KUF=KDE:Unstable:Frameworks, KUA=KDE:Unstable:Applications, KUE=KDE:Unstable:Extra, OTOH we normally refer to KDE:Frameworks5 as KF5 and KDE:Applications would be KA... )

    Finally, since a few months we also have KDE:Frameworks5:LTS, which is the development project for Leap (42.3 at the moment) and contains the latest Plasma LTS versions (5.8.x currently) and the chosen Frameworks version (5.32.0 now, as that's what we intend to ship in Leap 42.3)

    We do have a Wiki page about the things we offer, it doesn't contain *all* details though (actually I just noticed that KDE:Applications has been removed completely there, it used to be mentioned not too long ago IIRC):
    https://en.opensuse.org/SDB:KDE_repositories
    Last edited by wolfi323; 24-Apr-2017 at 11:15.

  10. #150

    AW: Re: Executing Dolphin as root is not possible.

    Originally posted by wolfi323:
    > Oh, and I forgot to mention, mainly directed @susejunky:
    > KDE:Frameworks5 is fully published meanwhile, so you should be able to install dolphin 17.04.0 now without conflicts.

    Thank you very much!

    Today's update gave me dolphin 17.04.0 (which works fine even with admin privileges and shows a complete German UI).

    Regards

    susejunky
