"Restore" asks for cryptic authentication to run /bin/sh as superuser

Bug #1674121 reported by Christopher Barrington-Leigh on 2017-03-19
This bug affects 7 people
Affects Status Importance Assigned to Milestone
Déjà Dup
deja-dup (Ubuntu)

Bug Description

I am trying to restore a full backup to an external hard drive.
After 20 minutes or so, a cryptic gui popup arises which says that "some process" wants sudo authentication to run /bin/sh

It is surely a bug to generate such a vague request for sudo use.

I note it has been this way since 2013 (https://bugs.launchpad.net/ubuntu/+source/deja-dup/+bug/1079553 which has been unaddressed, so the outcome of denying this request is still a great pain), but I am pointing out that this kind of permission request is itself a bug, if not a security risk because it teaches users to give that kind of permission to an unknown script.

ProblemType: Bug
DistroRelease: Ubuntu 16.10
Package: deja-dup 34.2-0ubuntu3.1
ProcVersionSignature: Ubuntu 4.8.0-42.45-generic 4.8.17
Uname: Linux 4.8.0-42-generic x86_64
ApportVersion: 2.20.3-0ubuntu8.2
Architecture: amd64
CurrentDesktop: Unity
Date: Sun Mar 19 12:35:43 2017
EcryptfsInUse: Yes
InstallationDate: Installed on 2016-02-12 (400 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
SourcePackage: deja-dup
UpgradeStatus: Upgraded to yakkety on 2017-01-21 (56 days ago)

Vej (vej) wrote :

Hello Christopher!

Could you please provide us with the file /tmp/deja-dup.gsettings after running the following line (you may want to scrub the file of any incriminating file names or details):
    gsettings list-recursively org.gnome.DejaDup > /tmp/deja-dup.gsettings

Changed in deja-dup (Ubuntu):
status: New → Incomplete

Result of following attached:

gsettings list-recursively org.gnome.DejaDup > /tmp/deja-dup.gsettings

Vej (vej) wrote :

@Christopher Thank you for the settings. The option "org.gnome.DejaDup root-prompt true" might cause this. I do not know (yet) when and why this is set. This might need to be looked into by an developer. But the prompt comes from Déjà Dup and should indicate so. I agree.

Changed in deja-dup (Ubuntu):
status: Incomplete → New
status: New → Triaged
importance: Undecided → Medium
Vej (vej) on 2017-03-27
Changed in deja-dup:
status: New → Triaged
importance: Undecided → Medium
Amr Ibrahim (amribrahim1987) wrote :

Also affects Xenial. Could be a security issue.

information type: Public → Public Security
tags: added: xenial
Michael Terry (mterry) wrote :

Code in master should have a less cryptic message. Now says "Privileges are required to restore files to system locations"

Changed in deja-dup:
status: Triaged → Fix Committed
Amr Ibrahim (amribrahim1987) wrote :

Thanks Michael. But should it prompt for authentication even for restoring to only user locations? That what happened to me in Xenial. I was restoring folders and files to a user location, which doesn't need any super privileges for file operations, when that message came up.

Michael Terry (mterry) wrote :

Amr, I don't know about your case specifically, but in Christopher's case, it was because he was restoring to two different users' home directories. Basically, anytime you are restoring outside your own home directory, we go to root. We *could* try to be smarter there, but it would be a fair amount of effort for (imho) small gain. But you're right that it would be better if we were that smart.

Amr Ibrahim (amribrahim1987) wrote :

Exactly, my restore was to a location outside $HOME, however, that location did not need super privileges for file operations. Deja Dup could be smarter about that.

Michael Terry (mterry) on 2017-08-18
Changed in deja-dup:
status: Fix Committed → Fix Released
Amr Ibrahim (amribrahim1987) wrote :

One question, does that mean that the restored files outside $HOME will be owned by root or have root permissions?

Michael Terry (mterry) wrote :

That behavior hadn't changed: permissions and ownership should be restored to original values too

Amr Ibrahim (amribrahim1987) wrote :

Thanks Michael. I was worried that giving sudo authorisation to restore files might have security implications.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package deja-dup - 35.4-0ubuntu3

deja-dup (35.4-0ubuntu3) artful; urgency=medium

  * debian/patches/allow-no-packagekit.patch:
    - Cherry-pick patch from upstream git that properly fixes our tests
      in autopkgtests where packagekit isn't installed.

 -- Michael Terry <email address hidden> Sat, 19 Aug 2017 14:24:51 -0400

Changed in deja-dup (Ubuntu):
status: Triaged → Fix Released
Vej (vej) wrote :

@Michael Terry: The description of the patch does not seem to have anything to do with this bug. Is this really fixed for Ubuntu?

Michael Terry (mterry) wrote :

Yes, Launchpad picked the wrong description. Here is the one that fixed it:

deja-dup (35.4-0ubuntu1) artful; urgency=medium

  * New upstream release
    - Adds support for GNOME Online Accounts
    - Improves dynamic installation support for backend dependencies
    - Fixes status icon in non-GNOME desktops (LP: #1592480)
    - Improves sudo prompt when restoring outside HOME (LP: #1674121)
    - Fixes password prompt loop with a bad gpg config (LP: #1710309)
    - Fixes vertical size of backup detail output pane (LP: #1710491)
  * debian/rules:
    - Tell deja-dup which packages to install for the various backends
  * debian/control.in:
    - Update dependencies
    - Drop deja-dup-backend-* meta packages, they are no longer needed
  * debian/patches/install-pygi.patch:
    - Drop, no longer needed

 -- Michael Terry <email address hidden> Thu, 17 Aug 2017 11:10:48 -0400

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers