From c5bc6eabc2f77bc6e13356e81f931c6c5f9d06ab Mon Sep 17 00:00:00 2001 From: Eric Hameleers Date: Sun, 12 Aug 2018 13:17:59 +0200 Subject: Refresh the patches that allow dolphin and kate to run as root --- kde/patch/dolphin/dolphin_revert_noroot.patch | 61 +++++++-------------- kde/patch/kate/kate_runasroot.patch | 79 +++++++++++++-------------- 2 files changed, 58 insertions(+), 82 deletions(-) diff --git a/kde/patch/dolphin/dolphin_revert_noroot.patch b/kde/patch/dolphin/dolphin_revert_noroot.patch index 46bb541..423e170 100644 --- a/kde/patch/dolphin/dolphin_revert_noroot.patch +++ b/kde/patch/dolphin/dolphin_revert_noroot.patch @@ -1,44 +1,23 @@ -Taken from openSUSE: -https://build.opensuse.org/package/view_file/KDE:Applications/dolphin/0001-Revert-Disallow-executing-Dolphin-as-root-on-Linux.patch?expand=1 +# Let the user decide whether she wants to run Dolphin as root: -From ba74d639178916221c748b0d5d89f7ac4f5ed669 Mon Sep 17 00:00:00 2001 -From: Fabian Vogt -Date: Sat, 22 Apr 2017 14:00:33 +0200 -Subject: [PATCH] Revert "Disallow executing Dolphin as root on Linux" - -This reverts commit 0bdd8e0b0516555c6233fdc7901e9b417cf89791. -We ship a desktop file to open dolphin as root and we allow YaST on the -desktop. So this patch is absolutely pointless for us. ---- - src/main.cpp | 13 ------------- - 1 file changed, 13 deletions(-) - -diff --git a/src/main.cpp b/src/main.cpp -index 789a52996..acba8daed 100644 ---- a/src/main.cpp -+++ b/src/main.cpp -@@ -35,21 +35,8 @@ - #include - #include - --#ifndef Q_OS_WIN --#include --#endif --#include -- +diff -uar dolphin-18.08.0.orig/src/main.cpp dolphin-18.08.0/src/main.cpp +--- dolphin-18.08.0.orig/src/main.cpp 2018-08-06 22:41:40.000000000 +0200 ++++ dolphin-18.08.0/src/main.cpp 2018-08-11 00:32:48.073913157 +0200 +@@ -43,14 +43,12 @@ extern "C" Q_DECL_EXPORT int kdemain(int argc, char **argv) { --#ifndef Q_OS_WIN -- // Check whether we are running as root -- if (getuid() == 0) { -- std::cout << "Executing Dolphin as root is not possible." << std::endl; -- return EXIT_FAILURE; -- } --#endif -- - QApplication app(argc, argv); - app.setAttribute(Qt::AA_UseHighDpiPixmaps, true); - app.setWindowIcon(QIcon::fromTheme(QStringLiteral("system-file-manager"), app.windowIcon())); --- -2.12.0 - + #ifndef Q_OS_WIN +- // Prohibit using sudo or kdesu (but allow using the root user directly) ++ // Warn using sudo or kdesu (but allow using the root user directly) + if (getuid() == 0) { + if (!qEnvironmentVariableIsEmpty("SUDO_USER")) { +- std::cout << "Executing Dolphin with sudo is not possible due to unfixable security vulnerabilities." << std::endl; +- return EXIT_FAILURE; ++ std::cout << "Executing Dolphin with sudo is UNSAFE due to unfixable security vulnerabilities." << std::endl; + } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) { +- std::cout << "Executing Dolphin with kdesu is not possible due to unfixable security vulnerabilities." << std::endl; +- return EXIT_FAILURE; ++ std::cout << "Executing Dolphin with kdesu is UNSAFE due to unfixable security vulnerabilities." << std::endl; + } + } + #endif diff --git a/kde/patch/kate/kate_runasroot.patch b/kde/patch/kate/kate_runasroot.patch index 88dbbe9..07139c4 100644 --- a/kde/patch/kate/kate_runasroot.patch +++ b/kde/patch/kate/kate_runasroot.patch @@ -1,48 +1,45 @@ -From 435ed5853b9451ab8fdfff722545c57a8f154625 Mon Sep 17 00:00:00 2001 -From: Fabian Vogt -Date: Sat, 18 Feb 2017 13:49:14 +0100 -Subject: [PATCH] Defuse root block +The user gets to decide whether she wants to run kate as root. +Please developers, do not presume that a Slackware user is dumb. -While the main point is correct as any application running in the same -X session (not sandboxed) can use kate's capability to open a console, -we allow (even encourage) running YaST on X11 as root. -That way it's only an impact on usability. ---- - kate/main.cpp | 3 +-- - kwrite/main.cpp | 3 +-- - 2 files changed, 2 insertions(+), 4 deletions(-) - -diff --git a/kate/main.cpp b/kate/main.cpp -index 342cd5db3..4845646aa 100644 ---- a/kate/main.cpp -+++ b/kate/main.cpp -@@ -64,9 +64,8 @@ int main(int argc, char **argv) - * Check whether we are running as root - **/ +diff -uar kate-18.08.0.orig/kate/main.cpp kate-18.08.0/kate/main.cpp +--- kate-18.08.0.orig/kate/main.cpp 2018-08-06 22:41:28.000000000 +0200 ++++ kate-18.08.0/kate/main.cpp 2018-08-11 00:23:36.968895970 +0200 +@@ -61,14 +61,12 @@ + int main(int argc, char **argv) + { + #ifndef Q_OS_WIN +- // Prohibit using sudo or kdesu (but allow using the root user directly) ++ // Warn using sudo or kdesu (but allow using the root user directly) if (getuid() == 0) { -- std::cout << "Executing Kate as root is not possible. To edit files as root use:" << std::endl; -+ std::cout << "THIS IS POTENTIALLY INSECURE!\nTo edit files as root please use:" << std::endl; - std::cout << "SUDO_EDITOR=kate sudoedit " << std::endl; -- return 0; + if (!qEnvironmentVariableIsEmpty("SUDO_USER")) { +- std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities." << std::endl; +- return EXIT_FAILURE; ++ std::cout << "Executing Kate with sudo is UNSAFE due to unfixable security vulnerabilities." << std::endl; + } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) { +- std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities." << std::endl; +- return EXIT_FAILURE; ++ std::cout << "Executing Kate with kdesu is UNSAFE due to unfixable security vulnerabilities." << std::endl; + } } #endif - /** -diff --git a/kwrite/main.cpp b/kwrite/main.cpp -index 68a055edb..4937f72d3 100644 ---- a/kwrite/main.cpp -+++ b/kwrite/main.cpp -@@ -54,9 +54,8 @@ extern "C" Q_DECL_EXPORT int main(int argc, char **argv) - * Check whether we are running as root - **/ +diff -uar kate-18.08.0.orig/kwrite/main.cpp kate-18.08.0/kwrite/main.cpp +--- kate-18.08.0.orig/kwrite/main.cpp 2018-08-06 22:41:28.000000000 +0200 ++++ kate-18.08.0/kwrite/main.cpp 2018-08-11 00:24:06.456910567 +0200 +@@ -50,14 +50,12 @@ + extern "C" Q_DECL_EXPORT int main(int argc, char **argv) + { + #ifndef Q_OS_WIN +- // Prohibit using sudo or kdesu (but allow using the root user directly) ++ // Warn using sudo or kdesu (but allow using the root user directly) if (getuid() == 0) { -- std::cout << "Executing KWrite as root is not possible. To edit files as root use:" << std::endl; -+ std::cout << "THIS IS POTENTIALLY INSECURE!\nTo edit files as root please use:" << std::endl; - std::cout << "SUDO_EDITOR=kwrite sudoedit " << std::endl; -- return 0; + if (!qEnvironmentVariableIsEmpty("SUDO_USER")) { +- std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities." << std::endl; +- return EXIT_FAILURE; ++ std::cout << "Executing Kate with sudo is UNSAFE due to unfixable security vulnerabilities." << std::endl; + } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) { +- std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities." << std::endl; +- return EXIT_FAILURE; ++ std::cout << "Executing Kate with kdesu is UNSAFE due to unfixable security vulnerabilities." << std::endl; + } } #endif - /** --- -2.12.2 - - -- cgit v1.2.3