Commit 1f02e3ca authored by Nate Graham

Re-allow running the app with sudo

Three years ago, dolphin was prevented from being run with `sudo` or as
the root user in
system/dolphin@0bdd8e0b.
The justification was to protect users from a security threat described in
utilities/kate@9adcebd3.

Since then, we have received a large number of user complaints. We have
always told them the same thing: that they won't need to run dolphin with
sudo anyway once PolKit support for KIO is merged, as it was for Kate.

Unfortunately PolKit in KIO never got merged. It remains stuck, three
years later. See https://phabricator.kde.org/D7563 for the latest
status. So we are in the situation where we took away a feature before
its replacement was ready, and then we repeatedly promised that the
replacement would be ready soon, and it never was.

This represents a severe breach of trust for our users. I know that
running Dolphin with sudo is not something anybody recommends, but
taking away the feature before its replacement was ready using the
justification that we were protecting users from themselves is something
that I can totally understand people being upset about. Deleting the
threatened feature is not an appropriate way to resolve a security threat.
Linus Torvalds feels similarly: https://lkml.org/lkml/2017/11/21/356

Accordingly, this reverts the commit to disallow running Dolphin with sudo.
Once PolKit in kio is merged, we can revert this commit and disallow it
again before its replacement is actually released and available.

This only applies to X; on Wayland all GUI apps are already unconditionally
prevented from running as the root user at the compositor level.
parent 5c41350e
......@@ -142,8 +142,8 @@ DolphinViewContainer::DolphinViewContainer(const QUrl& url, QWidget* parent) :
#ifndef Q_OS_WIN
if (getuid() == 0) {
// We must be logged in as the root user; show a big scary warning
showMessage(i18n("Running Dolphin as root can be dangerous. Please be careful."), Warning);
// We must be sudo'd or logged in as the root user; show a big scary warning
showMessage(i18n("Running Dolphin with elevated privileges can be dangerous. Please be careful."), Warning);
}
#endif
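Review bot: The reworded `showMessage(...)` banner under `if (getuid() == 0)` still does not say what the danger is, and with the startup check gone from `kdemain` it becomes the only notice a sudo or kdesu user gets. "can be dangerous. Please be careful." gives the user nothing to act on; consider naming the concrete risk that the original block was guarding against, or pointing to where it is documented. Note also that `getuid() == 0` cannot tell a direct root login from sudo or kdesu, so if the wording should differ between those cases, the `SUDO_USER` / `KDESU_USER` environment checks from the removed block would be needed here.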
......
......@@ -40,26 +40,8 @@
#include <QDBusAbstractInterface>
#include <QDBusConnectionInterface>
#ifndef Q_OS_WIN
#include <unistd.h>
#endif
#include <iostream>
extern "C" Q_DECL_EXPORT int kdemain(int argc, char **argv)
{
#ifndef Q_OS_WIN
// Prohibit using sudo or kdesu (but allow using the root user directly)
if (getuid() == 0) {
if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
std::cout << "Executing Dolphin with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
return EXIT_FAILURE;
} else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
std::cout << "Executing Dolphin with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
return EXIT_FAILURE;
}
}
#endif
/**
* enable high dpi support
*/
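Review bot: Removing the `SUDO_USER` / `KDESU_USER` block at the top of `kdemain` leaves no marker in the code that this is meant to be temporary. The commit message says the restriction should come back once PolKit support in KIO is merged, so a short TODO comment at this spot referencing https://phabricator.kde.org/D7563 would keep that intent from being lost. It is also worth considering whether to keep the environment checks and downgrade them from `return EXIT_FAILURE;` to a warning on stderr, so that terminal users launching with sudo or kdesu still see a notice before the window appears.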
......