sudo apport-kde is in a different design (stripped XDG_CURRENT_DESKTOP)

Bug #1958055 reported by Jānis Kangarooo
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
sudo (Ubuntu) | Fix Released | Undecided | Unassigned |
Jammy | Fix Released | Medium | Unassigned |

Bug Description

[Impact]

Running ubuntu-bug as normal user has the correct theme (see screenshots attached to bug #1881640), but running "sudo ubuntu-bug" has a different, non-matching theme (see attached screenshot). This applies to all Qt applications.

[Test Plan]

This problem can be reproduced by running a KDE application on Ubuntu Desktop (GNOME):

1. Launch ubuntu-22.04-desktop-amd64.iso
2. Install apport-kde
3. Run: /usr/share/apport/apport-kde -f
4. Run: sudo /usr/share/apport/apport-kde -f
5. Compare both windows. They have different icons and font size.

Same result with KDE:

1. Use kubuntu-22.04-desktop-amd64.iso
2. Run ubuntu-bug -f
3. Run: sudo ubuntu-bug -f

[Where problems could occur]
Passing through an additional environment variable could lead to an undesired side effect (if an application expects it not to be set when run as root). Since this environment variable changes the code paths, it could reveal Qt bugs related to running as root.

[Analysis]

Qt needs XDG_CURRENT_DESKTOP to be set to determine the correct theme, but XDG_CURRENT_DESKTOP is not in the list of environment variables to preserve (and not in env_keep in /etc/sudoers).

On the other hand, sudo preserves the DISPLAY environment variable:

$ sudo env | grep -Ev '^(LC|LS|SUDO|LANG|COLOR|TERM|PATH)'
XAUTHORITY=/run/user/1000/gdm/Xauthority
DISPLAY=:0
MAIL=/var/mail/root
LOGNAME=root
USER=root
HOME=/root
SHELL=/bin/bash

[Workaround]

Prevent sudo from dropping XDG_CURRENT_DESKTOP by running: sudo XDG_CURRENT_DESKTOP=$XDG_CURRENT_DESKTOP /usr/share/apport/apport-kde -f

[Other Info]

This change was accepted upstream: https://github.com/sudo-project/sudo/pull/165

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: apport 2.20.9-0ubuntu7.27
ProcVersionSignature: Ubuntu 5.4.0-94.106~18.04.1-generic 5.4.157
Uname: Linux 5.4.0-94-generic i686
ApportVersion: 2.20.9-0ubuntu7.27
Architecture: i386
CurrentDesktop: KDE
Date: Sun Jan 16 05:04:24 2022
InstallationDate: Installed on 2022-01-15 (0 days ago)
InstallationMedia: Kubuntu 18.04.5 LTS "Bionic Beaver" - Release i386 (20200806.1)
PackageArchitecture: all
SourcePackage: apport
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Jānis Kangarooo (kangarooo) wrote :
description: updated
Benjamin Drung (bdrung)
summary: - Sudo ubuntu-bug is in different design. Added screenshots
+ sudo ubuntu-bug is in a different design
summary: - sudo ubuntu-bug is in a different design
+ sudo apport-kde is in a different design
Benjamin Drung (bdrung)
description: updated
tags: added: jammy
removed: i386
Revision history for this message
Benjamin Drung (bdrung) wrote :

Re-assigning this ticket to sudo. IMO XDG_CURRENT_DESKTOP should be added to the list of environment variables to preserve, e.g. by adding it to env_keep in /etc/sudoers.

description: updated
description: updated
summary: - sudo apport-kde is in a different design
+ sudo apport-kde is in a different design (stripped XDG_CURRENT_DESKTOP)
affects: apport (Ubuntu) → sudo (Ubuntu)
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in sudo (Ubuntu):
status: New → Confirmed
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

I wonder if things work fine if called with pkexec.

Revision history for this message
Seth Arnold (seth-arnold) wrote :

I'm a bit surprised ubuntu-bug shows a GUI when run under sudo at all. I think I'd expect the usual X11 "no cookies" failure to connect.

Running X programs as another user is bound to be trouble. Perhaps ubuntu-bug should quit immediately if it detects running via sudo, su, etc things?

Thanks

Benjamin Drung (bdrung)
description: updated
Revision history for this message
Benjamin Drung (bdrung) wrote :

Tested with kubuntu-22.04-desktop-amd64.iso. Running "pkexec ubuntu-bug -f" failed to determine that there is a desktop, because neither DESKTOP nor WAYLAND_DISPLAY are set:

$ pkexec env | grep -Ev '^(LC|LS|PATH|TERM|COLOR|LANG)'
SHELL=/bin/bash
LOGNAME=root
USER=root
HOME=/root
PKEXEC_UID=1000

sudo on the other hand preserves XAUTHORITY and DISPLAY.

If you think that apport should not show a GUI when run under sudo, please open a separate bug against apport. This bug report is about sudo. sudo preserves some environment variables to run GUI applications, but not enough to get the theme right.

Revision history for this message
Benjamin Drung (bdrung) wrote :

Upstream plugins/sudoers/env.c defines:

static const char *initial_keepenv_table[] = {
    "COLORS",
    "DISPLAY",
    "HOSTNAME",
    "KRB5CCNAME",
    "LS_COLORS",
    "PATH",
    "PS1",
    "PS2",
    "XAUTHORITY",
    "XAUTHORIZATION",
    NULL
};

Debian adds DPKG_COLORS to it.

Revision history for this message
Benjamin Drung (bdrung) wrote :

I created an upstream merge request to add XDG_CURRENT_DESKTOP to initial_keepenv_table: https://github.com/sudo-project/sudo/pull/165
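
A simplified model of the keep-list filtering discussed in the two comments above, added here as an illustration and not sudo's own code: an entry survives only when its name matches a table entry in full, which is why DISPLAY and XAUTHORITY pass while XDG_CURRENT_DESKTOP is dropped until it is added. The sample environment and the names `is_kept`, `filter_env`, `keep_before` and `keep_after` are assumptions of this example; sudo's other environment handling (env_check, wildcards, variables it sets itself) is left out.

```c
#include <stdio.h>
#include <string.h>
/* Keep list exactly as quoted above from plugins/sudoers/env.c. */
static const char *keep_before[] = {
    "COLORS", "DISPLAY", "HOSTNAME", "KRB5CCNAME", "LS_COLORS", "PATH",
    "PS1", "PS2", "XAUTHORITY", "XAUTHORIZATION", NULL
};
/* The same list plus the entry the merge request adds. */
static const char *keep_after[] = {
    "COLORS", "DISPLAY", "HOSTNAME", "KRB5CCNAME", "LS_COLORS", "PATH",
    "PS1", "PS2", "XAUTHORITY", "XAUTHORIZATION", "XDG_CURRENT_DESKTOP", NULL
};
/* Constructed sample of the invoking user's environment. */
static const char *user_env[] = {
    "DISPLAY=:0", "XAUTHORITY=/run/user/1000/gdm/Xauthority",
    "XDG_CURRENT_DESKTOP=KDE", "XDG_SESSION_TYPE=x11", "EDITOR=vim", NULL
};

/* 1 if NAME in "NAME=value" equals a keep entry in full (PS10 is not PS1). */
static int is_kept(const char *entry, const char *const *keep)
{
    const char *eq = strchr(entry, '=');
    size_t len = eq ? (size_t)(eq - entry) : 0;
    if (len == 0)
        return 0;                       /* no '=' or empty name: drop */
    for (; *keep != NULL; keep++)
        if (strlen(*keep) == len && strncmp(entry, *keep, len) == 0)
            return 1;
    return 0;
}

/* Copy the kept entries into out (NULL-terminated); returns the count. */
static size_t filter_env(const char *const *env, const char *const *keep,
                         const char **out, size_t cap)
{
    size_t n = 0;
    for (; *env != NULL && n + 1 < cap; env++)
        if (is_kept(*env, keep))
            out[n++] = *env;
    out[n] = NULL;
    return n;
}

int main(void)
{
    const char *out[8];
    printf("kept before: %zu\n", filter_env(user_env, keep_before, out, 8));
    printf("kept after:  %zu\n", filter_env(user_env, keep_after, out, 8));
    return 0;
}
```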

Benjamin Drung (bdrung)
description: updated
Revision history for this message
Benjamin Drung (bdrung) wrote :

Uploaded sudo 1.9.10-3ubuntu1 to kinetic and sudo 1.9.9-1ubuntu2.1 to jammy (patch attached).

tags: added: patch
Benjamin Drung (bdrung)
Changed in sudo (Ubuntu):
status: Confirmed → Fix Committed
Changed in sudo (Ubuntu Jammy):
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sudo - 1.9.10-3ubuntu1

---------------
sudo (1.9.10-3ubuntu1) kinetic; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/control:
      + Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
    - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
    - debian/sudo[-ldap].init: delete init scripts, as they are no longer
      necessary.
    - debian/etc/pam.d/sudo[-i]:
      + Use pam_env to read /etc/environment and /etc/default/locale
        environment files. Reading ~/.pam_environment is not permitted due
        to security reasons.
    - debian/etc/sudoers:
      + also grant admin group sudo access
      + include /snap/bin in the secure_path
    - debian/tests/control: 03-getroot-ldap:
      + allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
  * Dropped changes (applied in Debian):
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
  * Add XDG_CURRENT_DESKTOP to initial_keepenv_table for Qt to determine the
    correct theme (LP: #1958055)

sudo (1.9.10-3) unstable; urgency=medium

  * some changes to 03-getroot-ldap autopkgtest to find out
    about ppc64el failure

sudo (1.9.10-2) unstable; urgency=medium

  * upload to unstable (fixed autopkgtest is needed to allow
    adduser to migrate)

sudo (1.9.10-1) experimental; urgency=medium

  * new upstream version
    * unverified upstream changelog
    * implement workaround if /proc/self/stat is invalid.
      (Closes: #940533)
    * Fix compilation problem on kFreeBSD. (Closes: #1004909)
      (different fix than the Debian patch, disable Debian patch)
    * get rid of e-mails "problem with defaults entries" in sss
      configurations. (Closes: #793660)
    * regular expression support for sudoers. (Closes: #945366)
    * handle /proc/self/fd in qemu.
    * Apply Upstream Patch to allow test suite with non-english LANG
      https://bugzilla.sudo.ws/show_bug.cgi?id=1025
    * Apply Upstream Patch to allow test suite with faketime
  * re-introduce MVPROG patch that got lost in dh migration.
    Thanks to Vagrant Cascadian (Closes: #976307)
  * revert back to directly shipping the mask symlink in the package.
    Thanks to Michael Biebl (Closes: #1004730)
  * adopt configure changes from Ubuntu
    --without-lecture --with-tty-tickets --enable-admin-flag (Closes: #1006273)
  * fix wrong handling of --with-systemd-tmpfiles.d
  * bring OPTIONS up to date.
  * have upstream install docs directly to correct directory
  * let debhelper handle the upstream changelog
  * remove LICENSE.md in both packages
  * autopkgtest: send deluser stderr to null in cleanup
  * Add cron to autopkgtest 03-getroot-ldap dependencies
  * improve lintian overrides

 -- Benjamin Drung <email address hidden> Wed, 03 Aug 2022 10:45:04 +0200

Changed in sudo (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote :

This bug report lacks the 'Where problems could occur' section of the SRU bug template.

Changed in sudo (Ubuntu Jammy):
status: Fix Committed → Incomplete
Revision history for this message
Benjamin Drung (bdrung) wrote :

Added 'Where problems could occur' section.

description: updated
Changed in sudo (Ubuntu Jammy):
status: Incomplete → New
Revision history for this message
Robie Basak (racb) wrote :

Is there any possibility that passing through this environment variable when we previously did not will change behaviour in such a way that a user treats that as a regression? For example, if some user has a setting that causes some app to now break, when it didn't before?

Your upload changes the mode of debian/source_sudo.py. I presume this is a mistake?

Revision history for this message
Robie Basak (racb) wrote : Proposed package upload rejected

An upload of sudo to jammy-proposed has been rejected from the upload queue for the following reason: "The mode of debian/source_sudo.py is changed but this is not explained in the changelog or SRU information".

Changed in sudo (Ubuntu Jammy):
status: New → Triaged
importance: Undecided → Medium
Revision history for this message
Benjamin Drung (bdrung) wrote :

The change of the mode of debian/source_sudo.py was unintentional (I used the git checkout from Debian to put the changes on top). I reuploaded the jammy SRU without the mode change of debian/source_sudo.py.

> Is there any possibility that passing through this environment variable when we previously did not will change behaviour in such a way that a user treats that as a regression? For example, if some user has a setting that causes some app to now break, when it didn't before?

XDG_CURRENT_DESKTOP is probably only taken into account by UI applications. If setting this variable causes a code path change and a regression for this one, the same regression should be triggered by running the application without sudo.

If the user blocked passing environment variables like DISPLAY, setting only XDG_CURRENT_DESKTOP did not make UI applications start (tested with: sudo env -i XDG_CURRENT_DESKTOP=$XDG_CURRENT_DESKTOP gnome-calculator).

Revision history for this message
Robie Basak (racb) wrote : Please test proposed package

Hello Kangarooo, or anyone else affected,

Accepted sudo into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sudo/1.9.9-1ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in sudo (Ubuntu Jammy):
status: Triaged → Fix Committed
tags: added: verification-needed verification-needed-jammy
Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (sudo/1.9.9-1ubuntu2.1)

All autopkgtests for the newly accepted sudo (1.9.9-1ubuntu2.1) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

gvfs/1.48.2-0ubuntu1 (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#sudo

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Benjamin Drung (bdrung) wrote :

Upgraded sudo and verified that /usr/share/apport/apport-kde looks the same when started with sudo.

tags: added: verification-done verification-done-jammy
removed: verification-needed verification-needed-jammy
Revision history for this message
Chris Halse Rogers (raof) wrote : Update Released

The verification of the Stable Release Update for sudo has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sudo - 1.9.9-1ubuntu2.1

---------------
sudo (1.9.9-1ubuntu2.1) jammy; urgency=medium

  * Add XDG_CURRENT_DESKTOP to initial_keepenv_table for Qt to determine the
    correct theme (LP: #1958055)

 -- Benjamin Drung <email address hidden> Thu, 04 Aug 2022 12:35:21 +0200

Changed in sudo (Ubuntu Jammy):
status: Fix Committed → Fix Released