commit: 3b121eeec9664c836213b5bca2ae0a851cd17507
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 8 15:40:37 2018 +0000
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sun Jul 8 15:40:37 2018 +0000
URL: https://gitweb.gentoo.org/proj/kde.git/commit/?id=3b121eee
kde-apps/dolphin: Backport start-as-root
Package-Manager: Portage-2.3.41, Repoman-2.3.9
kde-apps/dolphin/dolphin-18.04.49.9999.ebuild | 6 ++-
.../dolphin/files/dolphin-18.04.3-root-user.patch | 56 ++++++++++++++++++++++
.../dolphin/files/dolphin-18.04.3-root-warn.patch | 45 +++++++++++++++++
3 files changed, 106 insertions(+), 1 deletion(-)
diff --git a/kde-apps/dolphin/dolphin-18.04.49.9999.ebuild
b/kde-apps/dolphin/dolphin-18.04.49.9999.ebuild
index 4c25caa413..eb7c6223a4 100644
--- a/kde-apps/dolphin/dolphin-18.04.49.9999.ebuild
+++ b/kde-apps/dolphin/dolphin-18.04.49.9999.ebuild
@@ -62,7 +62,11 @@ RDEPEND="${DEPEND}
RESTRICT+=" test"
-PATCHES=( "${FILESDIR}/${PN}-18.04.1-flto.patch" )
+PATCHES=(
+ "${FILESDIR}/${PN}-18.04.1-flto.patch"
+ "${FILESDIR}/${PN}-18.04.3-root-user.patch"
+ "${FILESDIR}/${PN}-18.04.3-root-warn.patch"
+)
src_configure() {
local mycmakeargs=(
diff --git a/kde-apps/dolphin/files/dolphin-18.04.3-root-user.patch
b/kde-apps/dolphin/files/dolphin-18.04.3-root-user.patch
new file mode 100644
index 0000000000..04baafa1d8
--- /dev/null
+++ b/kde-apps/dolphin/files/dolphin-18.04.3-root-user.patch
@@ -0,0 +1,56 @@
+From 40453cb627a39f1ff92373f865426f0bcdc83419 Mon Sep 17 00:00:00 2001
+From: Nathaniel Graham <[email protected]>
+Date: Wed, 9 May 2018 17:18:08 -0600
+Subject: Re-allow running Dolphin as the root user (but still not using sudo)
+
+Summary:
+Prohibiting the use of Dolphin as the actual root user (not using `sudo` or
`kdesu`) breaks legitimate use cases for using the root user. An example is
Kali, a distro that logs in as the root user by default as a deliberate design
choice.
+
+In such an environment, there is no additional security vulnerability beyond
what you're already potentially exposing yourself to. So, let's re-enable it.
+
+BUG: 387974
+FIXED-IN: 18.08.0
+
+Test Plan:
+- Log in as normal user and run `sudo dolphin`: you get an error message.
+- Log in as normal user and run `kdesu dolphin`: you get an error message.
+- Log in as the root user and run dolphin normally: it works.
+
+Reviewers: markg, elvisangelaccio, #dolphin
+
+Reviewed By: markg
+
+Subscribers: chinmoyr, cfeck, elvisangelaccio, mmustac, Fuchs, markg,
graesslin, nicolasfella, zzag, kfm-devel, emmanuelp
+
+Tags: #dolphin
+
+Differential Revision: https://phabricator.kde.org/D12795
+---
+ src/main.cpp | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/main.cpp b/src/main.cpp
+index db52e11..75bab67 100644
+--- a/src/main.cpp
++++ b/src/main.cpp
+@@ -43,10 +43,15 @@
+ extern "C" Q_DECL_EXPORT int kdemain(int argc, char **argv)
+ {
+ #ifndef Q_OS_WIN
+- // Check whether we are running as root
++ // Prohibit using sudo or kdesu (but allow using the root user directly)
+ if (getuid() == 0) {
+- std::cout << "Executing Dolphin as root is not possible." <<
std::endl;
+- return EXIT_FAILURE;
++ if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
++ std::cout << "Executing Dolphin with sudo is not possible due to
unfixable security vulnerabilities." << std::endl;
++ return EXIT_FAILURE;
++ } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
++ std::cout << "Executing Dolphin with kdesu is not possible due to
unfixable security vulnerabilities." << std::endl;
++ return EXIT_FAILURE;
++ }
+ }
+ #endif
+
+--
+cgit v0.11.2
diff --git a/kde-apps/dolphin/files/dolphin-18.04.3-root-warn.patch
b/kde-apps/dolphin/files/dolphin-18.04.3-root-warn.patch
new file mode 100644
index 0000000000..bd6e2ab0d8
--- /dev/null
+++ b/kde-apps/dolphin/files/dolphin-18.04.3-root-warn.patch
@@ -0,0 +1,45 @@
+From 621cd24acfec8cbed19e9aa6ff8650cd6f38f809 Mon Sep 17 00:00:00 2001
+From: Nathaniel Graham <[email protected]>
+Date: Sun, 6 May 2018 17:48:54 -0600
+Subject: Show a warning when running as the root user
+
+Summary: Now that Dolphin can be run as the root user again, let's show a
warning.
+
+Test Plan:
+When run with the root user account:
+{F5882057}
+
+Reviewers: #dolphin, markg, elvisangelaccio
+
+Reviewed By: markg, elvisangelaccio
+
+Subscribers: acooligan, anthonyfieroni, chinmoyr, kfm-devel, rikmills,
emmanuelp, zzag, nicolasfella, elvisangelaccio, Fuchs, mmustac, markg
+
+Tags: #dolphin
+
+Differential Revision: https://phabricator.kde.org/D12732
+---
+ src/dolphinviewcontainer.cpp | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/dolphinviewcontainer.cpp b/src/dolphinviewcontainer.cpp
+index bf8ac88..7b99595 100644
+--- a/src/dolphinviewcontainer.cpp
++++ b/src/dolphinviewcontainer.cpp
+@@ -108,6 +108,14 @@ DolphinViewContainer::DolphinViewContainer(const QUrl&
url, QWidget* parent) :
+ m_messageWidget->setCloseButtonVisible(true);
+ m_messageWidget->hide();
+
++#ifndef Q_OS_WIN
++ if (getuid() == 0) {
++
++ // We must be logged in as the root user; show a big scary warning
++ showMessage(i18n("Running Dolphin as root can be dangerous. Please be
careful."), Warning);
++ }
++#endif
++
+ m_view = new DolphinView(url, this);
+ connect(m_view, &DolphinView::urlChanged,
+ m_urlNavigator, &KUrlNavigator::setLocationUrl);
+--
+cgit v0.11.2
