gksu and sudo broken in guest session

Bug #604180 reported by John Baptist on 2010-07-11
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gksu (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: gksu

sudo and gksudo don't work in guest sessions on Lucid. By "guest session" I mean in particular the temporary session created and disposed of on the fly by selecting "Guest session" from the session menu.

First, SUDO
Running sudo from a command prompt within a guest session produces the message:
sudo: Unable to change to sudoers gid: Operation not permitted
My understanding is that this is a result of SELinux configuration. This, then, could be understood as security-based design decision, rather than a bug. I am using the default SELinux configuration.

Now, GKSUDO
Running a program through gksudo (such as synaptic or most program on the System|Administration menu) results in a pause of a few seconds, while the system wait cursor spins, followed by nothing. No error message is returned, no visible program is run. I expect that I will be prompted for a password or notified that I don't have permission to execute this command, but that isn't what happens. This is definitely a bug, as the user should be given some kind of feedback on his action.

This is probably not the right package to report this bug in. It seems to be more of an overall security configuration issue. Please provide suggestions if you think this bug should be sent elsewhere. Nevertheless, I filed it in this package because I think the most immediate way to fix this bug is to have gksu give a meaningful error message if it is unable to run sudo.

John Baptist (jepst79) on 2010-07-13
affects: gksu (Ubuntu) → gdm-guest-session (Ubuntu)
Gunnar Hjalmarsson (gunnarhj) wrote :

The 'guest' user created by gdm-guest-session is a passwordless system user by design, and gksu fails when trying to prompt for a password. One way to make the error dialog appear might be that gksu checks whether the GDMSESSION environment variable equals 'guest-restricted', and skips the password prompting attempt if it does.

Changed in gksu (Ubuntu):
status: New → Confirmed
Changed in gdm-guest-session (Ubuntu):
status: New → Confirmed
John Baptist (jepst79) wrote :

That depends what you mean by "skip." Obviously, gksu should not allow the program given by its parameter to be executed if the user is guest; if it did, that would be a huge security hole. The correct solution is to mirror the behavior of sudo in a similar situation: if he has no password, display a message that the user lacks sufficient privileges.

Gunnar Hjalmarsson (gunnarhj) wrote :

Of course I don't want to allow 'guest' users to use su or sudo; sorry if I didn't express myself clear.

When a regular desktop user tries to load Synaptic, s/he is prompted for the password, and in the next step an error dialog (see attached file) is shown. By skipping the password prompting for guests I simply meant that the error dialog should better be displayed instantly.

John Baptist (jepst79) wrote :

Ok, that's what I hoped you meant. :)

As I understand gksudo, it is in fact a wrapper for sudo. That is, it always calls sudo regardless, and parses its output to determine if password entry was successful. The source of this bug is that sudo aborts with an error message that gksudo didn't expect.

I believe the bug is in package libgksu, in particular (I suspect) in gksu-run-helper.c.

To fix the bug, we don't need to fundamentally change the behavior of gksudo, we just need to make sure that it deals appropriately with unexpected output from its child process.

Gunnar Hjalmarsson (gunnarhj) wrote :

I didn't dig that deep in the code, but your analysis sounds plausible to me. Are you possibly about to write a patch? :)

John Baptist (jepst79) wrote :

I'm trying to. I've found the particular problem, but this code is riddled with bugs.

Gunnar Hjalmarsson (gunnarhj) wrote :

Does not sound good, considering the security aspects. :(

Please note that Debian should probably be involved. https://wiki.ubuntu.com/Debian/ForUbuntuDevelopers

I noticed that the version of gksu, that is available for Maverick, is considered unstable by Debian. http://packages.debian.org/gksu
Can't help wondering why it's included in a released Ubuntu version.

Anyway, great that you try to help fix it. Happy coding! :)

Gunnar Hjalmarsson (gunnarhj) wrote :

Nothing to do in gdm-guest-session, so setting status "Invalid". Leaving package gksu (ubuntu) unchanged.

Changed in gdm-guest-session (Ubuntu):
status: Confirmed → Invalid
Adolfo Jayme (fitojb) on 2013-06-26
no longer affects: gdm-guest-session (Ubuntu)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers