HPLIP

[GUI] Auth prompt hardcodes bad username if caller isn't sudoer

Bug #1904888 reported by zdohnal
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
HPLIP
In Progress
Undecided
Unassigned

Bug Description

Hi,

I have an report in Fedora https://bugzilla.redhat.com/show_bug.cgi?id=1899410 - HPLIP GUI scripts hardcodes bad username into authentication prompt if the script caller isn't sudoer - it will lead into authentication error because the caller doesn't have proper permissions and user cannot change the username in the prompt since it is hardcoded.

The root of the issue is HPLIP uses 'sudo' ins several distros (check base/password.py, AUTH_TYPES list), but doesn't check if the script caller is capable of running 'sudo'. The fix checks if the user is in 'wheel' (Fedora/RHEL/CentOS) or in 'sudo' (Ubuntu) groups.

With the fix, the prompt contains username which has the correct permissions to do the trick:

1) if caller is sudoer, use its username

2) if caller isn't sudoer, use root

Would you mind adding the fix into HPLIP project?

Note: the further fix for 2) would be to have an option to set superusers, not just root, but it will need more changes in the code. Please let me know if you want a continuation of the fix.

Revision history for this message
zdohnal (zdohnal) wrote :
Revision history for this message
shivani mandora (shivani1708) wrote :

Hi,

Thanks for bringing this to our attention.
We will include your patch in our next release.

Changed in hplip:
status: New → In Progress
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.