pdf forms bricked a user

I had two (sometimes more) pdf files with forms open. One of the pdf files was

http://forms.marylandtaxes.com/16_forms/502.pdf

I copied the original to another file. When I opened the file to update, I found the original file had the changes too. Looks like they share a common work area. (?)

But then the real excitement started. The kwrite program would not start. After clicking the text file several times it would finally come up. But eventually it would not start at all. And then other programs from the kicker would not start. Sometimes with a “can’t start…” message, other times with no message. Just dumb.

I did see one message that was more meaningful. Something about x-something maximum number of logins reached. I only had about 3 dolphins, ksysguard, and the several pdf files open. So I can’t make sense out of that.

It finally got to the point where nothing would start, and no message. Even after a reboot. The user is bricked.

Luckily, I had a different unused user defined that I could use to create a new user. And copy the stuff from the bricked user, change the owner, etc…

If it hadn’t been for that unused user, the whole system would have been bricked. Because it will not allow login as root after a boot.

Please don’t ask me to duplicate this error. I don’t want find out if this might expand to bricking the whole file system.

I see two issues here:

1. Whatever is going wrong with pdf forms needs to be fixed. That’s a critical bug, seeing that it bricks users.

2. OpenSUSE should not allow a system to be installed with just one user. If that one user gets bricked, then the whole system is bricked. (I understand the security concerns of root. But at least two normal and working users should always be there. Automatically create one called admin or something. You can switch to root once you login.)

Try open kwrite through the terminal to see what’s going on.

On 04/19/2017 09:16 AM, LouBryan wrote:

> But then the real excitement started. The kwrite program would not
> start. After clicking the text file several times it would finally come
> up. But eventually it would not start at all. And then other programs
> from the kicker would not start. Sometimes with a “can’t start…”
> message, other times with no message. Just dumb.
>
> I did see one message that was more meaningful. Something about
> x-something maximum number of logins reached. I only had about 3
> dolphins, ksysguard, and the several pdf files open. So I can’t make
> sense out of that.
>
> It finally got to the point where nothing would start, and no message.
> Even after a reboot. The user is bricked.

What do you see at the command line logging in as the user? That
X/Gnome/KDE may be hosed, I do not doubt, but that the whole user is
actually broken seems beyond reason, so let’s figure it out. Once you
login to the command line as that user, maybe you can run ‘startx’ (does
that still work? hope so) to start the GUI and get some new error message
from the X environment.

> Luckily, I had a different unused user defined that I could use to
> create a new user. And copy the stuff from the bricked user, change the
> owner, etc…
>
> If it hadn’t been for that unused user, the whole system would have been
> bricked. Because it will not allow login as root after a boot.

That’s pretty unlikely; even if you had completely destroyed all users,
you could still get in in recovery mode; if you use BtrFS you could
presumably roll back the system side of things (not the user part) and get
the system itself back.

> Please don’t ask me to duplicate this error. I don’t want find out if
> this might expand to bricking the whole file system.

Also highly unlikely unless you run as ‘root’ which is crazy.

> I see two issues here:
>
> 1) Whatever is going wrong with pdf forms needs to be fixed. That’s a
> critical bug, seeing that it bricks users.

If it does break the X environment somehow, then I agree that’s pretty
bad. Since we do not have a lot to go on except “a PDF caused a problem
far beyond what should have been possible”, we should probably start with
duplicating the problem.

> 2) OpenSUSE should not allow a system to be installed with just one
> user. If that one user gets bricked, then the whole system is bricked.
> (I understand the security concerns of root. But at least two normal
> and working users should always be there. Automatically create one
> called admin or something. You can switch to root once you login.)

This may seem logical at first, but it definitely is not. You can always
recover a system with rescue media; you can roll back the system with
BtrFS snapshots. You can go to single-user mode (assuming you have
physical access or equivalent) and modify files without using any “user”.
Creating two users just means two attack surfaces, two prompts during
setup, and no net benefit. ‘root’ could be used for this, but ideally
‘root’ has no password, but you always have options to get to your data in
Linux unless you munge the hard drive or lose your encryption key (if you
use encryption).

–
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.

I mean tot ask: which exact version of openSUSE are you use? Any comments
on the patches applied recently? Had you logged out and back in after
applying any patches? Do you use Gnome or KDE? Which program did you use
to open the PDF in the first place?

–
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.

I’m not sure why you tried to open a pdf file with kwrite?
kwrite does not support pdf files and a large binary file might cause kwrite (and the plasma desktop) to freeze
it’s quite possible kwrite/plasma destroyed some config file you’re better off with a clean user account and don’t use a text editor for pdf forms
afaik there are 4 ways to fill out pdf forms on opensuse
#1 using chromium with the pdf plugin which is open sourced now and comes bundled with chromium and it’s based on the foxit sdk
#2 with mupdf, but mupdf form support is pretty basic
#3 by using the abandoned and unsupported adobe reader 9 you can find it with a google search it’s on adobe’s public ftp I’m not sure the last version of opensuse that shipped it but it’s 32bit and abandoned
#4 by using the Foxit reader for Linux it comes as a binary blob but it has a 64 bit build and supports pdf forms, I’m not posting links you can find it with google

I do not think that LouBryan meant the files were opened with kwrite, but
just that kwrite stopped would not work properly after the PDFs were used
with whatever program WAS used.

–
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.

that’s how I understood it the OP wasn’t clear enough as the title is pdf forms and the only application he mentions is kwrite
could a 3rd party pdf viewer destroyed his plasma config files?
maybe, but as opensuse only comes with chromium and mupdf that have some sort of pdf forms support I really doubt that they’re the culprits
I did open the linked document and had no issues so I don’t think it was a malicious pdf file
there was a large security hole regarding pdf’s found in openjpeg (it’s used for jpeg2000 compressed images in pdf’s)
http://www.securityweek.com/openjpeg-flaw-allows-code-execution-malicious-image-files
even tho the LEAP version of openjpeg is at 2.1.0 I do think they backported the security fixes from 2.1.2
(fingers crossed)

Yes, and from in link in the Wikileaks Vault 7 (CIA dump) which pointed to a publicly available slide presentation from SYSCAN 360 2014 about how bad AV software can and has been, there is an interesting part about malformed PDF files which can result in owning a machine… but a FYI is that not all such incidents are intentional… There can be coding accidents, random corruptions and other misc things that can happen that might result in a simple system freeze instead. This kind of stuff might make a User paranoid.

TSU

I am not doing it that often, but I use Okular.

I’ve never used pdf forms and I thought Okular didn’t support them
but apparently Okular supports pdf forms since version 0.7 and the LEAP version 1.0 supports them

Sorry I left out some details.

This is specifically on opensuse 42.1. The system does not have any patches applied after the install.

This is kde.

I did not use kwrite to open the pdf file. The kwrite was just to get some information from a separate text file.

I did not pay attention to which pdf viewer came up. It was just the default. I think it was probably Okuar.

I did not install any additional pdf viewers, especially not Adobe (which I refuse to install). If there are other pdf viewers installed, then they got installed with the 42.1 install from dvd. I don’t recall ever seeing mupdf or Foxit. And I was not using Chromium.
I just clicked on the pdf in dolphin.

My questions:

1. How do I login to the bricked user using the command line?

2. I tried various things on the login after boot. But I couldn’t find anything about recovery. How do I login as root after a boot if I only have 1 user and it was bricked?

Probably you created a link (soft or hard)?

Works fine here in 42.1. Some time ago there was a discussion about malicious executable files disguised as pdf, but the file you linked, when downloaded by firefox, did not have execute permission. It could have if it was indeed malicious and you downloaded it in a zip file, or if your browser doesn’t strip off the executable bit (firefox does IINM). You should always check the download link, however. This is not https, which is suspicious.

But the pdf worked fine with okular, including filling out the form fields. Also opening kwrite afterward gave no trouble. I even opened the pdf itself (with a bunch of invalid characters warning) and saved to a txt file. No problems.

Not here, worked OK after reboot. Also after changing session to another user.

You can always log to the terminal. You may want to install a friendly terminal file manager/editor, like mc (midnight commander). There’s also a command line yast2 version that would allow you to create a new user almost as easily as with the GUI version.

1. Not here, I can’t reproduce this bug.

2. As noted above, there’s plenty of options from the terminal - for instance, just press ALT-CTRL-F1 to go to the first terminal, log in (as root or another user + su) and start yast2.

Anyway, that’s my mileage here. Yours may vary.

sounds like a video driver issue
what kind of graphic card and driver do you have
nvidia desktops need the propitiatory driver as novaou has issues with plasma 5
newer nvidia laptops need bumblebee for the same reason
intel users need to use uxa acceleration as sna causes plasma 5 to freeze
I have no experience with amd
as it was mentioned if you can’t login with the display manager press ctrl+alt+F and do a terminal login

Steps:

ctrl-alt-F1
login: (put working user here)
Last login: Sat Apr 22 21:30:26 on tty2
Have a lot of fun…
> kwrite
QXcbConnection: Could not connect to display
Aborted
> exit

login: (put non-working user here)
Last login: (similar to above)
Have a lot of fun…
Can’t open display
> kwrite
QXcbConnection: Could not connect to display
Aborted
> exit

The results are the same for the working user and non-working user, except for the “Can’t open display” on the non-working user.

you can’t use gui applications like kwrite under text mode
if you need a text editor try a text mode editor like vim so try running vim (or vi)
what graphic processor and driver do you use as nvidia chips with the nouveau driver and intel chips with sna acceleration do cause random freezes and plasma crashes

As said above, this is impossible to do. And when you think about what should happen, you will understand why.

Linux is a multi-user, multi-session system. Which means there can be zero, one, or many CLI and GUI sessions for different or the same users running at the same moment in time. Thus when in one of those session somebody starts a GUI program, where should the window be opened?

When in a GUI session the default (mark, the default) is to open it at the current GUI session (display). But on what session/display when this is done from a CLI session?

And even when you specify on which session the window should be opened (it is possible by defining the “display”, the term used in the error message), the owner of that session is master of his/her display and most probably will not allow others to open windows on it (could be a key tracker or something like that).

In any case, I hope you understand that this has nothing to do with any PDF program running anywhere on your system.