"Restore" asks for cryptic authentication to run /bin/sh as superuser

Bug #1674121 reported by Christopher Barrington-Leigh on 2017-03-19
This bug affects 6 people
Affects: Déjà Dup | Importance: Medium | Assigned to: Unassigned
Affects: deja-dup (Ubuntu) | Importance: Medium | Assigned to: Unassigned

Bug Description

I am trying to restore a full backup to an external hard drive.
After 20 minutes or so, a cryptic GUI popup arises which says that "some process" wants sudo authentication to run /bin/sh.

It is surely a bug to generate such a vague request for sudo use.

I note it has been this way since 2013 (https://bugs.launchpad.net/ubuntu/+source/deja-dup/+bug/1079553 which has been unaddressed, so the outcome of denying this request is still a great pain), but I am pointing out that this kind of permission request is itself a bug, if not a security risk because it teaches users to give that kind of permission to an unknown script.

ProblemType: Bug
DistroRelease: Ubuntu 16.10
Package: deja-dup 34.2-0ubuntu3.1
ProcVersionSignature: Ubuntu 4.8.0-42.45-generic 4.8.17
Uname: Linux 4.8.0-42-generic x86_64
ApportVersion: 2.20.3-0ubuntu8.2
Architecture: amd64
CurrentDesktop: Unity
Date: Sun Mar 19 12:35:43 2017
EcryptfsInUse: Yes
InstallationDate: Installed on 2016-02-12 (400 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
SourcePackage: deja-dup
UpgradeStatus: Upgraded to yakkety on 2017-01-21 (56 days ago)

Vej (vej) wrote :

Hello Christopher!

Could you please provide us with the file /tmp/deja-dup.gsettings after running the following line (you may want to scrub the file of any incriminating file names or details):
    gsettings list-recursively org.gnome.DejaDup > /tmp/deja-dup.gsettings

Changed in deja-dup (Ubuntu):
status: New → Incomplete

Result of following attached:

gsettings list-recursively org.gnome.DejaDup > /tmp/deja-dup.gsettings

Vej (vej) wrote :

@Christopher Thank you for the settings. The option "org.gnome.DejaDup root-prompt true" might cause this. I do not know (yet) when and why this is set. This might need to be looked into by a developer. But the prompt comes from Déjà Dup and should indicate so. I agree.

Changed in deja-dup (Ubuntu):
status: Incomplete → New
status: New → Triaged
importance: Undecided → Medium
Vej (vej) on 2017-03-27
Changed in deja-dup:
status: New → Triaged
importance: Undecided → Medium
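
One way to see which program is behind such a prompt before answering it, as an added example (not part of the original report and not Déjà Dup code): the script walks /proc from any process that was handed /bin/sh as an argument up through its ancestors. It assumes the requesting helper is still running while the dialog is open; the function names and the PROC_ROOT parameter are hypothetical.

```sh
#!/bin/sh
# Added example. PROC_ROOT is normally /proc; it is a parameter (hypothetical
# name) so the same logic can be exercised on a constructed directory tree.

# cmdline_of PROC_ROOT PID: argv joined with spaces (cmdline is NUL-separated).
cmdline_of() {
    [ -r "$1/$2/cmdline" ] && tr '\0' ' ' < "$1/$2/cmdline" | sed 's/ *$//'
}

# ppid_of PROC_ROOT PID: parent pid, taken from the "PPid:" line of status.
ppid_of() {
    awk '$1 == "PPid:" { print $2; exit }' "$1/$2/status" 2>/dev/null
}

# ancestry PROC_ROOT PID: one "pid: command line" row per ancestor, child first.
ancestry() {
    root=$1; pid=$2; depth=0
    while [ -n "$pid" ] && [ "$pid" -gt 0 ] && [ "$depth" -lt 64 ]; do
        [ -r "$root/$pid/status" ] || break      # process already gone
        printf '%s: %s\n' "$pid" "$(cmdline_of "$root" "$pid")"
        pid=$(ppid_of "$root" "$pid")
        depth=$((depth + 1))
    done
}

# find_requesters PROC_ROOT TARGET: ancestry of every process that was handed
# TARGET as an argument. argv[0] is skipped so ordinary "#!/bin/sh" scripts do
# not match, and only whole arguments count, so /bin/shred does not either.
find_requesters() {
    root=$1; target=$2
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/cmdline" ] || continue
        if tr '\0' '\n' < "$dir/cmdline" | sed 1d | grep -Fxq -- "$target"; then
            printf '== pid %s was handed %s as an argument ==\n' "${dir##*/}" "$target"
            ancestry "$root" "${dir##*/}"
        fi
    done
}

# While the authentication dialog is still open:
#   find_requesters /proc /bin/sh
```

The last row of each chain is the oldest ancestor, so the program that triggered the prompt sits directly below the helper's own row.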
Amr Ibrahim (amribrahim1987) wrote :

Also affects Xenial. Could be a security issue.

information type: Public → Public Security
tags: added: xenial
This report contains Public Security information.