• Did we make a risky mistake??? (eg. Kate-root)


    Hi, all. I just found this on a popular Greek collectively-run Linux site. I'm posting just the extract in question (translated into English) plus the link to it. Google Translate is perfectly suited to use.
    @developers ?

    "We return to Wayland and it is time to deal with another important element that confuses many. This is the opening of a graphical application as root. We did it and we still do it a lot, but we do it dangerously, unknowingly. The most widespread and also wrong way was and is the use of the sudo command. However, sudo is not suitable for graphical applications. It is stated in writing in its own configuration file. But who will sit down, eh? After “everyone” does it, it will probably be right. But it is not. For this reason gksu (do) and kdesu (do) have been created, which ensure that some necessary conditions are met that sudo can not satisfy. However, they are not sufficient.

    Let’s just explain it. Assume you want to make changes to a text file that your user does not have access to. Here you need the administrator intervention. But when you use sudo or some of the alternatives to open this file in the graphic editor, there are things you are probably ignoring but at the same time creating a great security hole in your system. But how? We said you want to customize a file. The administrator in such a case only needs to open and store. Nowhere else. With sudo, however, the entire copywriter, throughout your making changes, runs with administrator privileges. This means that whatever it uses at that time, such as some different display parameters, or a process created after opening with sudo, and all the points in your file system where it is accessed, are covered by the same rights. In short, to do something small, you give full access to your system. It’s not what you wanted, right? But it still happens because, as mentioned above, they are “all” and so fatally transmitted as knowledge. It’s as if bullying always implies correctness.

    This misuse will be entirely limited by Wayland, where no graphical application can be opened as an administrator. Those of you who are users of the latest Plasma releases will find that it is no longer possible to open the Dolphin file manager and copywriters such as Kate with elevated privileges, even in X environment. I know, it’s “inconvenient.” But it is an adaptation from developers to the most appropriate use and what will follow with Wayland. Some people see it, again incorrectly, as “Qt applications do not open as root”. If they were looking at it a little, they would see that what was limited was the execution of an entire graphical interface with elevated rights, which they do not need and are potentially dangerous. Exactly the same as Wayland. The job we want to do, can be done normally. It will simply be done in a different, safer way. This may be the sudoedit for our example with the text file, but in general it will be the use of an already existing technology - which is still unknown to many - called polkit (PolicyKit). You may have encountered the pkexec command. Guess what it uses as a backend. Through polkit, an application can use additional permissions only at the point where it really needs it, without any security gaps in its operation. Once again, however, this is not Wayland’s competence but will be achieved with other, environment-specific technologies. Indicatively, tasks dealing with file management as root in GNOME will be done through gvfs and Plasma from its KIO.

    The sad thing here is that the truly worthy developers of a really excellent distribution (names we do not say, no hypothesis are touched) have reversed the Plasma function above, allowing the wrong way to use, while not only knowing but reporting the dangers. So while some people are trying to correct bad practice times, some others are screaming in their waves. Personally, I was surprised by this move. I would probably expect it from another distribution but not from that. Anyway, let’s not stop at it."

    http://osarena.net/o-wayland-kai-ta-mystiria

    1.Antergos Linux KDE plasma / Gnome 2.Ubuntu 17.10 64bit Unity
    Intel Core2 Duo CPU P8400 2.26GHz‖ RAM 3908 MiB ‖ Dell Inc. 0F328M - Dell Inc. Latitude E6500
    Intel Mobile 4 Series Chipset Integrated Graphics [8086:2a42] {i915

  • @anarch said in Did we make a risky mistake??? (eg. Kate-root):

    The sad thing here is that the truly worthy developers of a really excellent distribution (names we do not say, no hypothesis are touched) have reversed the Plasma function above, allowing the wrong way to use, while not only knowing but reporting the dangers.

    I do not know if this refers to us or Suse, but in our case it does not fully apply, as we offer kate and dolphin as they are (packaged by Arch). We offer kate-root and dolphin-root as alternative packages (they are not installed by cnchi). These packages are used by our users in a “use it at your own risk” manner.

    To be honest, the problem is that neither kate nor dolphin are prepared to use polkit. I haven’t tried to use them with pkexec, but this is not the way. Both apps should use d-bus to communicate with polkit and ask for admin access.

    And sudoedit… don’t make me laugh. It works well only if you always want to use the same editor because it uses an env var. And if you want to edit several files…

    I was sure that we shouldn’t patch kate and dolphin packages, so we didn’t. And that’s why we wrote kate-root and dolphin-root as alternatives for users that were used to a certain workflow. When kate and dolphin use polkit these packages won’t be needed anymore.

    Cheers!

  • Thanks for all of the information, @anarch and @karasu! It was nice to hear the argument against it and the argument for (or not against) it. Both were really informative. I learned a lot from them :)

    Thank you!

    Keep trying, never give up. In the end, you will find that it was all worth it

    Community ISO: https://antergoscommunityeditions.wordpress.com
    Linux Basics: https://linuxbasicssite.wordpress.com

  • I was migrating already to use more the command line, using nano for editing text when it requires sudo (but sometimes a text editor with GUI is faster to do what I want) and midnight commander to copy/paste stuff in the filesystem.

    But after reading it all I still think Linux users should be free to put their own systems at risk if they want to, so now Wayland won’t let you do that, is losing freedom I guess. (sorry if this sounds stupid :P )

    Antergos (default OS) - WIN10 (abandoned)
    I3wm - Mate desktop
    AMD - A4 7300 Radeon graphics
    16 GB ram
    HD 1 TB
    Linux newbie since 06/2016

  • @fernandomaroto said in Did we make a risky mistake??? (eg. Kate-root):

    (sorry if this sound stupid )

    I don’t think it does. Isn’t Linux all about freedom anyways? I just think it’s sad that such a risky command is the one that is recommended for new users.

  • @Keegan I guess they could create a “new sudo” that will allow us to make what we want without breaking packages, not putting us at risk hehehee

  • That’s actually a great idea! I know they probably won’t, but that would actually be kind of handy. Then, we wouldn’t have to re-learn / un-learn anything!

  • A two-edged sword:
    Freedom versus security.

    Suse was providing this, shortly after the change.

    In the end, it is not a hard task to get used to textediting inside a terminal.

    But as Antergos do not offer this as default, I call it freedom+security.

    [updates once a week] = [90% less problems]
    [Li{u}n//u//{i}x] since 1988 - overcoming failure means success
    howto-install-antergos
    how to add system logs
    i3-wm#gnome-shell

  • Thanks for your reply, @karasu. I'm not using GUI text editors, anyway. The most comprehensive CLI is nano, after all. So, this “These packages are used by our users in a “use it at your own risk” manner” is enough for me.
    Do I have your OK to paste your reply to the site to get the discussion going?
    @fernandomaroto , maybe it is how I have got used to, but I find it faster to navigate with nano

    @fernandomaroto said

    But after reading it all i still think linux users should be free to put their own systems at risk if they want to, so now wayland won’t let you do that, is losing freedom i guess. (sorry if this sound stupid)

    With Linux becoming more and more popular the so called (average/windows-converted or even easy-deb-based-GUI-used-to) users, it could be an invitation to…commit suicide. The majority of people I installed Linux are totally unwilling to learn. They just want to use their system.
    So, for some of us it is totally ok to even have the right to destroy our systems (because we want to) and then restore it but for the majority that would be (and it is) a serious security hole and a bad reputation for the whole of Linux.
    After all, X11 will still be alive & available as an alternative after Wayland replaces it. So, there will still be choice & freedom

  • If I cannot run applications as root under wayland, wayland may go and rot in hell.
    I often use the kate root actions, it’s a convenient way to work for me and I don’t want to fiddle around with functionally limited terminal text editors. We have 2017, not 1990.
    J.

  • @Jeannie____ That’s right, and 2017 comes also with a lot more security risks than 1990. I understand what you mean about limited functionality, but in case of editing basic text config files under root permissions, nano for example should be more than enough? In this case advanced text formatting isn’t needed, and as for basic features such as searching for words in files, limiting how many bytes you want to load (which GUI tools usually aren’t capable of) are supported by the terminal tools.

    So why would it really be necessary to open such files in a GUI, except for the better visual and mouse clicking, while there is a good point not to teach yourself such a habit?

    Antergos & Windows 7 Pro | Asrock x370 K4 - Ryzen 1600 - GTX 950 (replace with Radeon 570/580/Vega) - 16GB DDR4 2400 - Samsung 960 pro 512GB (Windows) + Samsung 850 EVO 256 GB (Antergos) + 2x 2TB HGST HDD + more storage - RM550x Gold PSU

  • So editing files as root in a cumbersome cli text editor is safer than doing the same in my DE's text editor?

  • If I cannot run applications as root under wayland, wayland may go and rot in hell.
    I often use the kate root actions, it’s a convenient way to work for me and I don’t want to fiddle around with functionally limited terminal text editors. We have 2017, not 1990.

    Guys, I think you’re missing the point. With sudo, the problem is that you are running your editor as root (doesn’t matter if GUI or CLI). So, theoretically, this could be a security hole.

    The way to go is make the editor open the file as root asking permission using polkit, but the editor itself will be run with user permissions, not root. And it will work in Wayland.

    Cheers!

    P.S. @anarch , of course I’m ok with you using my reply ;)
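
The split described in this reply and in the quoted article (the editor runs as the user, only "open and store" are elevated) can be sketched in shell. This is an added example, not part of the thread or of any distribution's packages; `edit_privileged` and the `ELEVATE` variable are names made up here, and `sudo` as the default helper is an assumption.

```shell
#!/bin/sh
# Added example: sudoedit-style editing. The editor runs as the calling user on a
# private copy; only the read and the final write go through the elevation helper.
# edit_privileged and ELEVATE are hypothetical names used for this example only.

edit_privileged() {
    target=$1
    elevate=${ELEVATE:-sudo}            # assumption: any helper that runs "cmd args"
    editor=${VISUAL:-${EDITOR:-nano}}   # may be a GUI editor; it never runs as root

    [ -f "$target" ] || { echo "no such file: $target" >&2; return 2; }

    # Private working copy (mktemp creates it readable by the owner only).
    tmp=$(mktemp "${TMPDIR:-/tmp}/edit.XXXXXX") || return 1

    # Privileged step 1: read the protected file into the copy.
    if ! $elevate cat -- "$target" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    before=$(cksum < "$tmp")

    # Unprivileged step: the whole editing session runs with user rights.
    if ! $editor "$tmp"; then
        rm -f "$tmp"; return 1
    fi

    # Privileged step 2: write back, and only if the content changed.
    rc=0
    if [ "$(cksum < "$tmp")" != "$before" ]; then
        # tee overwrites in place, so the target keeps its owner and mode.
        $elevate tee -- "$target" < "$tmp" > /dev/null || rc=1
    else
        echo "unchanged: $target" >&2
    fi
    rm -f "$tmp"
    return $rc
}
```

The editor command must stay in the foreground until the file is closed; otherwise the copy is compared and removed before any change is saved.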

  • @karasu said

    P.S. @anarch , of course I’m ok with you using my reply

    Thanksssss!!!
