Commit bf6d5b75 authored by Nate Graham's avatar Nate Graham

Re-allow running Kate and KWrite as the actual root user (but still not using sudo)

Summary:
The original change (9adcebd3) to prevent sudo usage broke the use case of running KWrite or Kate while logged in as the actual `root` user with a GUI session. This is how the Kali distro is set up by default, so the original change amounted to making Kate and KWrite not launch at all on this KDE distro.

This patch re-enables running as the actual root user, but keeps blocking usage via `sudo` or `kdesu`. There are no negative security implications associated with re-allowing usage via the root user, since if you're running a GUI session, you were already exposed to the original security threat and Kate and KWrite do not increase the attack surface.

I have submitted a similar change for Dolphin that has been accepted (D12795), but @elvisangelaccio wants that to go in at the same time as this, to keep them in sync.

BUG: 387973
FIXED-IN: 18.08.0

Test Plan:
- Log in as normal user and run `sudo kate` or `sudo kwrite`: you get an error message.
- Log in as normal user and run `kdesu kate` or `kdesu kwrite`: you get an error message.
- Log in as the root user and run Kate or KWrite normally: it works.

Reviewers: #kate, dhaumann, cullmann, #ktexteditor

Reviewed By: #kate, dhaumann, #ktexteditor

Subscribers: kwrite-devel, elvisangelaccio

Tags: #kate

Differential Revision: https://phabricator.kde.org/D13138
parent 8a684ce8
......@@ -61,13 +61,15 @@
int main(int argc, char **argv)
{
#ifndef Q_OS_WIN
/**
* Check whether we are running as root
**/
// Prohibit using sudo or kdesu (but allow using the root user directly)
if (getuid() == 0) {
std::cout << "Executing Kate as root is not possible. To edit files as root use:" << std::endl;
std::cout << "SUDO_EDITOR=kate sudoedit <file>" << std::endl;
return 0;
if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
return EXIT_FAILURE;
} else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
return EXIT_FAILURE;
}
}
#endif
/**
......
......@@ -50,13 +50,15 @@
extern "C" Q_DECL_EXPORT int main(int argc, char **argv)
{
#ifndef Q_OS_WIN
/**
* Check whether we are running as root
**/
// Prohibit using sudo or kdesu (but allow using the root user directly)
if (getuid() == 0) {
std::cout << "Executing KWrite as root is not possible. To edit files as root use:" << std::endl;
std::cout << "SUDO_EDITOR=kwrite sudoedit <file>" << std::endl;
return 0;
if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
return EXIT_FAILURE;
} else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
return EXIT_FAILURE;
}
}
#endif
/**
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment