Unable to launch applications which use su-to-root from menu package as root on Wayland session

Bug #1713311 reported by Norbert
This bug affects 1 person
Affects                               Status         Importance   Assigned to        Milestone
GParted                               New            Undecided    Unassigned
bleachbit (Ubuntu)                    Fix Released   Undecided    Hugo Lefeuvre
caja-extensions (Ubuntu)              Won't Fix      Undecided    Unassigned
ddccontrol (Ubuntu)                   In Progress    Undecided    Miroslav Kravec
debian-installer-launcher (Ubuntu)    New            Undecided    Unassigned
edubuntu-netboot (Ubuntu)             New            Undecided    Unassigned
gadmin-bind (Ubuntu)                  New            Undecided    Unassigned
gadmin-openvpn-client (Ubuntu)        New            Undecided    Unassigned
gadmin-openvpn-server (Ubuntu)        New            Undecided    Unassigned
gadmin-proftpd (Ubuntu)               Confirmed      Medium       Unassigned
gadmin-rsync (Ubuntu)                 New            Undecided    Unassigned
gadmin-samba (Ubuntu)                 New            Undecided    Unassigned
gkdebconf (Ubuntu)                    New            Undecided    Unassigned
gsmartcontrol (Ubuntu)                New            Undecided    Unassigned
gtkorphan (Ubuntu)                    New            Undecided    Unassigned
gui-apt-key (Ubuntu)                  New            Undecided    Unassigned
guymager (Ubuntu)                     New            Undecided    Unassigned
hannah-foo2zjs (Ubuntu)               Fix Released   Undecided    Unassigned
i7z (Ubuntu)                          New            Undecided    Unassigned
keytouch-editor (Ubuntu)              New            Undecided    Unassigned
kontrolpack (Ubuntu)                  New            Undecided    Unassigned
kvpnc (Ubuntu)                        New            Undecided    Unassigned
lshw (Ubuntu)                         New            Undecided    Unassigned
luckybackup (Ubuntu)                  New            Undecided    Unassigned
menu (Ubuntu)                         New            Undecided    Unassigned
ndisgtk (Ubuntu)                      New            Undecided    Unassigned
nmap (Ubuntu)                         New            Undecided    Unassigned
prey (Ubuntu)                         New            Undecided    Unassigned
sbackup (Ubuntu)                      New            Undecided    Unassigned
spacefm (Ubuntu)                      New            Undecided    Unassigned
usbview (Ubuntu)                      Fix Released   Undecided    Unassigned
wifi-radar (Ubuntu)                   New            Undecided    Unassigned

Bug Description

List of pkexec'ed applications is located in bug 1713313.

*****************************
Main upstream discussion & fixes example to deal with wayland:
https://bugzilla.gnome.org/show_bug.cgi?id=776437
************************************************************
the Gnome Porting Way: https://wiki.gnome.org/Initiatives/Wayland/Applications/Porting
************************************************************

Steps to reproduce:
1. Install Ubuntu 17.10
2. Install application from above list and menu package (if missed, for zenmap, see bug 1713274) - full list from - https://codesearch.debian.net/search?q=Exec%3Dsu-to-root+filetype%3Adesktop+path%3A*%2Fapplications%2F*&perpkg=1 , https://codesearch.debian.net/search?q=Exec%3Dgksudo+filetype%3Adesktop+path%3A*%2Fapplications%2F* and https://codesearch.debian.net/search?q=Exec%3Dgksu+filetype%3Adesktop+path%3A*%2Fapplications%2F* .

3. Try to launch $APP_NAME from shortcut
4. Get error window:
Failed to run $APP_NAME as user root.
Unable to copy the user's Xauthorization file.

Expected results:
* $APP_NAME may be run as root

Actual results:
* unable to run $APP_NAME as root

Additional info:
$ xhost
access control enabled, only authorized clients can connect
SI:localuser:artful

$ export | grep "SESSION\|DESK"
declare -x DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/1000/bus"
declare -x DESKTOP_AUTOSTART_ID="1082dacfd3a20e972150382958079482700000012280008"
declare -x DESKTOP_SESSION="gnome"
declare -x GDMSESSION="gnome"
declare -x GNOME_DESKTOP_SESSION_ID="this-is-deprecated"
declare -x SESSION_MANAGER="local/artful:@/tmp/.ICE-unix/1228,unix/artful:/tmp/.ICE-unix/1228"
declare -x XDG_CURRENT_DESKTOP="GNOME"
declare -x XDG_SESSION_DESKTOP="gnome"
declare -x XDG_SESSION_ID="2"
declare -x XDG_SESSION_TYPE="wayland"

and these operations do not help:

artful@artful:~$ xhost +si:localuser:root
localuser:root being added to access control list
artful@artful:~$ gksudo zenmap
Error copying '/home/artful/.Xauthority' to '/tmp/libgksu-AgXCxW': No such file or directory

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: zenmap 7.50-1
ProcVersionSignature: Ubuntu 4.12.0-11.12-generic 4.12.5
Uname: Linux 4.12.0-11-generic i686
ApportVersion: 2.20.6-0ubuntu7
Architecture: i386
CurrentDesktop: GNOME
Date: Sun Aug 27 13:28:31 2017
InstallationDate: Installed on 2017-08-26 (0 days ago)
InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Alpha i386 (20170826)
PackageArchitecture: all
SourcePackage: nmap
UpgradeStatus: No upgrade log present (probably fresh install)


Revision history for this message
Norbert (nrbrtx) wrote :
Norbert (nrbrtx)
summary: - Unable to launch zenmap as root on Wayland session
+ Unable to launch zenmap and bleachbit as root on Wayland session
description: updated
Norbert (nrbrtx)
summary: - Unable to launch zenmap and bleachbit as root on Wayland session
+ Unable to launch zenmap, bleachbit, gui-apt-key as root on Wayland
+ session
description: updated
Norbert (nrbrtx)
summary: - Unable to launch zenmap, bleachbit, gui-apt-key as root on Wayland
- session
+ Unable to launch zenmap, bleachbit, gui-apt-key, gkdebconf as root on
+ Wayland session
description: updated
description: updated
Norbert (nrbrtx)
summary: - Unable to launch zenmap, bleachbit, gui-apt-key, gkdebconf as root on
- Wayland session
+ Unable to launch zenmap, bleachbit, gui-apt-key, gkdebconf, luckybackup
+ as root on Wayland session
description: updated
Norbert (nrbrtx)
summary: - Unable to launch zenmap, bleachbit, gui-apt-key, gkdebconf, luckybackup
- as root on Wayland session
+ Unable to launch zenmap, bleachbit, gui-apt-key, gkdebconf, luckybackup,
+ usbview as root on Wayland session
description: updated
summary: - Unable to launch zenmap, bleachbit, gui-apt-key, gkdebconf, luckybackup,
- usbview as root on Wayland session
+ Unable to launch applications which use su-to-root from menu package as
+ root on Wayland session
description: updated
Norbert (nrbrtx)
description: updated
no longer affects: synaptic (Ubuntu)
Norbert (nrbrtx)
description: updated
description: updated
Norbert (nrbrtx)
description: updated
Revision history for this message
Julian Andres Klode (juliank) wrote :

Wayland does not support root applications by design.

Revision history for this message
Norbert (nrbrtx) wrote :

And what should users do if Wayland may become new GNOME standard?
Is it possible to replace su-to-root with pkexec?
20 applications are affected. They are popular. On Wayland they are useless. Great to hear.

Revision history for this message
dino99 (9d9) wrote :

@Norbert

Glad to see you listing the affected apps. It should be good to merge the different reports already made into a single one, like that one.

But I wonder if Debian packaging & Ubuntu packaging have followed the same transition from the past. Historic Ubuntu transition has been gksu/gksudo -> pkexec and also some packagekit -> pkexec; now Wayland forces a move to packagekit again.
https://askubuntu.com/questions/284306/why-is-gksu-no-longer-installed-by-default#284717

Revision history for this message
Julian Andres Klode (juliank) wrote :

Generally speaking, all (Wayland-capable) apps that currently run their UI as root need to be restructured to use PolicyKit for the privileged operations, and have the UI run as a normal user.

Apps that do not run on Wayland and use the legacy Xwayland compat, but you need to run xhost +si:localuser:root first. gksu is apparently broken because it assumes that there is an Xauthority file, but that's not the case with XWayland (I'd assume it would work with pkexec, for apps registered with PolicyKit, as a temporary workaround).

Revision history for this message
Julian Andres Klode (juliank) wrote :

@dino99 packagekit has nothing to do with this. pk means policykit in this context.

Revision history for this message
dino99 (9d9) wrote :

@Julian

Indeed, my bad, it's a typo; need to read policykit not packagekit of course (#4)

dino99 (9d9)
description: updated
Revision history for this message
Norbert (nrbrtx) wrote :

@dino99
Thanks! So I dig deeper.

I tested some rdepends with the following actions
1. apt-cache rdepends menu | sort | uniq > menu_rdepends.txt
2. removed unnecessary rows from menu_rdepends.txt (such as "menu" and "Reverse Depends:")
3. executed small script (apt-file list, apt-get download, dpkg-deb -R, grep su-to-root) against menu_rdepends.txt file.
4. As the result I added `debian-installer-launcher`, `gadmin-bind`, `gadmin-samba`, `keytouch-editor`, `kontrolpack` to the above list.

I'll continue against gksu package.

dino99 (9d9)
description: updated
Revision history for this message
Norbert (nrbrtx) wrote :

Grepping rdepends of gksu for su-to-root gives `guymager`, `hannah-foo2zjs`, `zenmap`

Revision history for this message
Norbert (nrbrtx) wrote :

Grepping rdepends of gksu for gksu gives `caja-gksu`, `ltsp-live`, `gddccontrol`.

Revision history for this message
Norbert (nrbrtx) wrote :

+ `spacefm-gtk3` to c10

Revision history for this message
Andrew Ziem (ahziem1) wrote :

BleachBit 1.17 (beta) switched from su-to-root (from the menu package) to pkexec, and I hope to soon release it as BleachBit 2.0 (final). This may resolve this issue too.

This change was committed to the BleachBit git repository back in October (2016).

Revision history for this message
Norbert (nrbrtx) wrote :

Here is my simple script for grepping su-to-root|gksu|pkexec inside application.desktop files in packages.

How to use:
1. apt-cache rdepends menu | sort | uniq > menu_rdepends.txt
2. remove unnecessary rows from menu_rdepends.txt (such as "menu" and "Reverse Depends:")
3. execute my script with ./do.sh menu_rdepends.txt
4. it will do apt-file list, apt-get download, dpkg-deb -R, grep su-to-root|gksu|pkexec and print
some info:

...
caja-dropbox: /usr/share/applications/caja-dropbox.desktop
caja-dropbox is not affected
choosewm does not have application.desktop
colord does not have application.desktop
debconf does not have application.desktop
debian-installer-launcher: /usr/share/applications/debian-installer-launcher.desktop
Exec=su-to-root -X -c /usr/sbin/debian-installer-launcher # <- su-to-root in color!
...

Application list above here was obtained by it, and for pkexec too (bug 1713313).
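
The classification step described in the comment above, as an added example (not Norbert's do.sh, which is not shown on this page): it reads the Exec= keys of .desktop files already on disk and reports the privilege wrapper each one uses. The function names, verdict labels and the example-tool sample files are assumptions made here.

```shell
#!/bin/sh
# Added example, not Norbert's do.sh: report which privilege wrapper each
# .desktop file in a directory uses in its Exec= keys.

# Print the wrapper named in one Exec= value, or "none". Like grep, this
# matches any word of the command, so "sh -c 'gksu ...'" is caught too.
exec_wrapper() {
    set -f                                   # no globbing while splitting
    for w in $(printf '%s' "$1" | tr -d "\"'"); do
        case "${w##*/}" in                   # basename of each word
            su-to-root|gksu|gksudo|pkexec)
                set +f; printf '%s\n' "${w##*/}"; return 0 ;;
        esac
    done
    set +f
    printf 'none\n'
}

# Print "wrapper<TAB>path" for every Exec= key in one .desktop file.
scan_desktop_file() {
    sed -n 's/^Exec[[:space:]]*=[[:space:]]*//p' "$1" |
    while IFS= read -r cmd; do
        printf '%s\t%s\n' "$(exec_wrapper "$cmd")" "$1"
    done
}

# Print "verdict<TAB>wrapper<TAB>file" for each .desktop file under $1.
# Verdicts follow this report: su-to-root and gksu/gksudo are the launchers
# that fail; pkexec launchers are tracked separately (bug 1713313).
audit_dir() {
    tab=$(printf '\t')
    find "$1" -type f -name '*.desktop' | sort | while IFS= read -r f; do
        scan_desktop_file "$f" | sort -u | while IFS=$tab read -r wrap path; do
            case "$wrap" in
                su-to-root|gksu|gksudo) verdict=affected ;;
                pkexec)                 verdict=pkexec ;;
                *)                      verdict=not-affected ;;
            esac
            printf '%s\t%s\t%s\n' "$verdict" "$wrap" "${path##*/}"
        done
    done
}

# Constructed sample files; only the su-to-root Exec= line is from the page.
make_sample() {
    printf '%s\n' '[Desktop Entry]' 'Name=Installer' \
        'Exec=su-to-root -X -c /usr/sbin/debian-installer-launcher' \
        > "$1/debian-installer-launcher.desktop"
    printf '%s\n' '[Desktop Entry]' 'Name=Example A' \
        'Exec=sh -c "gksu /usr/bin/example-tool"' > "$1/example-gksu.desktop"
    printf '%s\n' '[Desktop Entry]' 'Name=Example B' \
        'Exec=/usr/bin/pkexec /usr/bin/example-tool %f' > "$1/example-pkexec.desktop"
    printf '%s\n' '[Desktop Entry]' 'Name=Dropbox' \
        'Exec=caja-dropbox start -i' > "$1/caja-dropbox.desktop"
}

demo=$(mktemp -d)
make_sample "$demo"
audit_dir "$demo"        # on a real system: audit_dir /usr/share/applications
rm -rf "$demo"
```

Unlike the procedure in the comment, this reads only files already installed, so it audits the machine it runs on rather than every reverse dependency in the archive.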

Revision history for this message
Martin Wimpress  (flexiondotorg) wrote :

Is caja-extensions listed here because of caja-gksu?

Revision history for this message
Norbert (nrbrtx) wrote :

@Martin Wimpress (flexiondotorg)
yes, because of caja-gksu. It does not work under Wayland.

Revision history for this message
Norbert (nrbrtx) wrote :

+c15

when clicking on "Open as administrator" on file object it shows error message:

"Failed to run gedit 'file:///home/artful/x' as user root.

Unable to copy the user's Xauthorization file."

and writes "Error copying '/home/artful/.Xauthority' to '/tmp/libgksu-9mFF3E': No such file or directory" to console.

Revision history for this message
Martin Wimpress  (flexiondotorg) wrote :

We are currently in the process of removing dependency on gksu from Ubuntu MATE. caja-gksu is no longer seeded in Ubuntu MATE and will soon be removed from the Debian and Ubuntu archives. caja-admin will be replacing caja-gksu.

Changed in caja-extensions (Ubuntu):
status: New → Won't Fix
tags: added: wayland
removed: wayland-session
Revision history for this message
Norbert (nrbrtx) wrote :

Ubuntu 17.10 with all updates, bug is not fixed.

Revision history for this message
dino99 (9d9) wrote :

@Norbert

the full solution is not so easy; so be patient.
Several things can be done:
- run xhost script into a terminal each time a session is opened
- insert the xhost script into .bashrc file
- and/or test some more propositions:
   * https://unix.stackexchange.com/questions/317282/set-environment-variables-for-gnome-on-wayland-and-bash-on-virtual-terminals-or#326161
   * https://ask.fedoraproject.org/en/question/108631/running-command-after-gnome-login/
   * https://unix.stackexchange.com/questions/118811/why-cant-i-run-gui-apps-from-root-no-protocol-specified

And for non techy people or those still satisfied with X, then choose X at login time (still prefer lightdm myself for the moment)

Norbert (nrbrtx)
description: updated
description: updated
Revision history for this message
Norbert (nrbrtx) wrote :

At least `zenmap` and `wifi-radar` do not run on default fresh clean installation of Ubuntu 17.10.

dino99 (9d9)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gsmartcontrol - 1.1.1-1

---------------
gsmartcontrol (1.1.1-1) unstable; urgency=medium

  * New upstream release.

 -- Stephen Kitt <email address hidden> Sun, 01 Oct 2017 20:32:15 +0200

Changed in gsmartcontrol (Ubuntu):
status: New → Fix Released
dino99 (9d9)
description: updated
Revision history for this message
Phillip Susi (psusi) wrote :

WTF Launchpad? That changelog does not say it fixes this bug.

Changed in gsmartcontrol (Ubuntu):
status: Fix Released → New
Revision history for this message
Julian Andres Klode (juliank) wrote :

It does in an earlier entry that was skipped in the fake changes somehow:

--- gsmartcontrol-1.0.2/debian/changelog 2017-08-21 07:42:52.000000000 +0000
+++ gsmartcontrol-1.1.1/debian/changelog 2017-10-01 18:32:15.000000000 +0000
@@ -1,3 +1,23 @@
+gsmartcontrol (1.1.1-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Stephen Kitt <email address hidden> Sun, 01 Oct 2017 20:32:15 +0200
+
+gsmartcontrol (1.1.0-1) unstable; urgency=medium
+
+ * New upstream release.
+ * The “Perform Tests” tab has been merged with the “Self-Tests” tab, and
+ vertical space is used appropriately (at least, if there are test
+ results). Closes: #641564.
+ * Upstream gsmartcontrol-root now supports pkexec, use that instead of
+ our su-to-root-based script. LP: #1713311.
+ * Stop shipping TODO, it’s not much use for end-users.
+ * Switch to debhelper compatibility level 10.
+ * Standards-Version 4.1.0, no change required.
+
+ -- Stephen Kitt <email address hidden> Mon, 11 Sep 2017 09:22:25 +0200
+
 gsmartcontrol (1.0.2-1) unstable; urgency=medium

   * New upstream release.
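
Review bot: The "LP: #1713311" closer in the 1.1.0-1 entry rests only on switching gsmartcontrol-root from the su-to-root-based script to pkexec, and the bullet records neither that the new launcher was exercised under a Wayland session nor that a dependency on the package providing pkexec was added with it. I would state both in the bullet, or reference the bug without the closing "LP:" syntax until that is verified, since the closer moves the bug to Fix Released on upload. It would also help to repeat the reference in the 1.1.1-1 entry or make sure both entries end up in the uploaded changes, so the closure is not attributed to a "New upstream release" line alone.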

Changed in gsmartcontrol (Ubuntu):
status: New → Fix Released
Revision history for this message
Julian Andres Klode (juliank) wrote :

I can't comment whether it's really fixed, though, if it's not, well, I'm sorry and please reopen.

Revision history for this message
Phillip Susi (psusi) wrote :

pkexec does not work under wayland either, so that change does not fix the issue.

Changed in gsmartcontrol (Ubuntu):
status: Fix Released → New
Revision history for this message
Norbert (nrbrtx) wrote :

I have just installed i7z and i7z-gui packages on Ubuntu 16.04.3 LTS. i7z_GUI requires root privileges, so it seems to be affected by this bug on newer Ubuntu.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package hannah-foo2zjs - 1:3

---------------
hannah-foo2zjs (1:3) unstable; urgency=medium

  * QA upload.
  * Switch source format to "3.0 (native)".
  * Do not ship the generated hannah binary, and the Makefile, and make sure
    to remove them on clean.
  * Drop the menu file, since hannah-foo2zjs already provides a .desktop file.
  * Use an install file to install all the files, using dh-exec to rename the
    files:
    - add a new executable hannah-foo2zjs.install file
    - add the dh-exec build dependency
  * Rewrite rule to use the dh sequencer.
  * Bump the debhelper compatibility to 10:
    - bump compat to 10
    - bump the debhelper build dependency to 10~
  * Switch versioned conflict to versioned break.
  * Cleanup hannah.pro.
  * Build the application with Qt 5: (Closes: #874903)
    - set the QT modules in the .pro file
    - switch the libqt4-dev build dependency to qtbase5-dev
    - set QT_SELECT=5 in rules, to make sure to build even when Qt 4 is
      installed too
  * Various improvements to the application itself:
    - reindent code
    - forward-declare classes, including only what needed, and where needed
    - do not hardcode the font, use the default one
    - use better QMessageBox APIs
    - create & lay out widgets in the right order
    - add a checkbox -> firmware mapping, so there is not a separate list for
      the latter
    - turn the "Mark all" from a checkbox into a button, and add also a new
      "Unmark all" button
    - switch from QStatusBar to QLabel for the status messages
    - disable the download button while downloading
    - set the "printer" icon for the application
    - harden the build with extra defines, and fix the code accordingly
      (slot -> Q_SLOTS, QStringLiteral, etc)
    - group checkboxes & mark/unmark buttons in a group box, with the
      checkboxes laid in two columns
    - improve the text in the about dialog
    - add accelerators for buttons
  * Fix path of getweb to /usr/sbin/getweb. (Closes: #772447)
  * Use pkexec to run getweb, instead of su-to-root for the whole application:
    (LP: #1713311)
    - depend on policykit-1
    - drop the gksu|kdebase-bin|kde-runtime|kdebase-runtime|ktsuss|sux
      dependency (Closes: #885545)
    - directly exec hannah-foo2zjs in the desktop file
  * Make hannah.desktop file valid:
    - set the value of the 'Terminal' key to false (as it is a boolean)
    - add the Qt category, and remove the Settings one
  * Link in as-needed mode.
  * Bump Standards-Version to 4.1.3, no changes required.
  * Add myself to copyright, for both code and packaging.

 -- Pino Toscano <email address hidden> Sun, 31 Dec 2017 11:03:05 +0100

Changed in hannah-foo2zjs (Ubuntu):
status: New → Fix Released
Norbert (nrbrtx)
tags: added: bionic
Revision history for this message
Hugo Lefeuvre (hlef) wrote :

I have just uploaded Bleachbit 2.0-2 to the Debian archive, switching from su-to-root to policykit. This will fix the issue.

Changed in bleachbit (Ubuntu):
status: New → Fix Released
assignee: nobody → Hugo Lefeuvre (hlef)
Revision history for this message
Miroslav Kravec (kravemir) wrote :

In unreleased version, HW access will be performed via D-Bus daemon. No need to run ddccontrol/gddccontrol with root privileges. See https://github.com/ddccontrol/ddccontrol/blob/master/CHANGELOG.md

However, as the daemon is a long-running process, it needs a bit of polishing, especially to get rid of memory leaks... This is still in progress.

Changed in ddccontrol (Ubuntu):
assignee: nobody → Miroslav Kravec (kravemir)
status: New → In Progress
Revision history for this message
Julian Andres Klode (juliank) wrote :

@kravemir It does not have to be a long running process. Just give it a short timeout like 10s. D-Bus/systemd will take care of starting new daemons when new requests come in.

Revision history for this message
Rolf Leggewie (r0lf) wrote :

setting to critical for gadmin-proftpd as it renders the package useless in bionic.

Changed in gadmin-proftpd (Ubuntu):
importance: Undecided → Critical
status: New → Confirmed
Revision history for this message
Rolf Leggewie (r0lf) wrote :

su-to-root apparently still works (for those who know about its existence)

Changed in gadmin-proftpd (Ubuntu):
importance: Critical → Medium
no longer affects: software-properties
Norbert (nrbrtx)
tags: removed: artful
Revision history for this message
Logan Rosen (logan) wrote :

This bug was fixed in the package usbview - 3.0-3

---------------
usbview (3.0-3) unstable; urgency=medium

  * debian/copyright: use spaces rather than tabs to start continuation lines.
  * Update standards version to 4.6.1, no changes needed.
  * Merge minor fixes until merged upstream:
    - "Add AppStream metadata"
       https://github.com/gregkh/usbview/pull/27
    - "Display correctly when a dark GTK+ theme is used"
       https://github.com/gregkh/usbview/pull/27

 -- Barak A. Pearlmutter <email address hidden> Tue, 04 Oct 2022 13:31:41 +0100

usbview (3.0-2) unstable; urgency=medium

  * Patch to #define PATH_MAX, for GNU/Hurd
  * Fully adopt package, per email from Mark Brown, who maintained this
    package for two decades of USB viewing!

 -- Barak A. Pearlmutter <email address hidden> Tue, 25 Jan 2022 14:17:01 +0000

usbview (3.0-1) unstable; urgency=medium

  * Uscan support
  * New upstream version 2.2 (closes: #341647, #1004138, #1004160)
    - includes 2.0-21-g6fe2f4f-2.1 patches; remove from series
  * Trim trailing whitespace.
  * Bump debhelper from deprecated 9 to 13.
  * Set debhelper-compat version in Build-Depends.
  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
    Repository-Browse.
  * Drop unnecessary dependency on dh-autoreconf.
  * Drop unnecessary dh arguments: --parallel
  * Secure upstream repo URL
  * Update standards version to 4.6.0, no changes needed.
  * Remove deprecated debian/menu file (closes: #565294)
  * Harden
  * Modernize and update debian/copyright
  * Add packaging repo on salsa
  * Upstream has desktop file; remove debian/*.desktop
  * Remove icons from debian/, as upstream has them (closes: #987078)
  * Upstream installs man page; no need to do so in debian/
  * Remove upstreamed security patches
  * New upstream version 3.0
    - does not require any privs, so drop policykit stuff like pkexec
    - quilt patch for issue in upstream .desktop file
  * Track upstream for pkexecectomy
  * Rules do not require root
  * Add self as comaintainer

 -- Barak A. Pearlmutter <email address hidden> Mon, 24 Jan 2022 21:15:29 +0000

usbview (2.0-21-g6fe2f4f-2.1) unstable; urgency=high

  * Non-maintainer upload.
  * Fix authorization for inactive or arbitrary other users (CVE-2022-23220)
  * Pass on the command line parameters to GTK only if not invoked via pkexec

 -- Salvatore Bonaccorso <email address hidden> Sat, 15 Jan 2022 13:42:37 +0100

Changed in usbview (Ubuntu):
status: New → Fix Released