gksu and sudo broken in guest session

Bug #604180 reported by John Baptist
This bug affects 1 person
Affects: gksu (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Binary package hint: gksu

sudo and gksudo don't work in guest sessions on Lucid. By "guest session" I mean in particular the temporary session created and disposed of on the fly by selecting "Guest session" from the session menu.

First, SUDO
Running sudo from a command prompt within a guest session produces the message:
sudo: Unable to change to sudoers gid: Operation not permitted
My understanding is that this is a result of SELinux configuration. This, then, could be understood as a security-based design decision, rather than a bug. I am using the default SELinux configuration.

Now, GKSUDO
Running a program through gksudo (such as synaptic or most programs on the System|Administration menu) results in a pause of a few seconds, while the system wait cursor spins, followed by nothing. No error message is returned, no visible program is run. I expect that I will be prompted for a password or notified that I don't have permission to execute this command, but that isn't what happens. This is definitely a bug, as the user should be given some kind of feedback on his action.

This is probably not the right package to report this bug in. It seems to be more of an overall security configuration issue. Please provide suggestions if you think this bug should be sent elsewhere. Nevertheless, I filed it in this package because I think the most immediate way to fix this bug is to have gksu give a meaningful error message if it is unable to run sudo.

John Baptist (jepst79)
affects: gksu (Ubuntu) → gdm-guest-session (Ubuntu)
Gunnar Hjalmarsson (gunnarhj) wrote :

The 'guest' user created by gdm-guest-session is a passwordless system user by design, and gksu fails when trying to prompt for a password. One way to make the error dialog appear might be that gksu checks whether the GDMSESSION environment variable equals 'guest-restricted', and skips the password prompting attempt if it does.

Changed in gksu (Ubuntu):
status: New → Confirmed
Changed in gdm-guest-session (Ubuntu):
status: New → Confirmed
John Baptist (jepst79) wrote :

That depends what you mean by "skip." Obviously, gksu should not allow the program given by its parameter to be executed if the user is guest; if it did, that would be a huge security hole. The correct solution is to mirror the behavior of sudo in a similar situation: if he has no password, display a message that the user lacks sufficient privileges.

Gunnar Hjalmarsson (gunnarhj) wrote :

Of course I don't want to allow 'guest' users to use su or sudo; sorry if I didn't express myself clearly.

When a regular desktop user tries to load Synaptic, s/he is prompted for the password, and in the next step an error dialog (see attached file) is shown. By skipping the password prompting for guests I simply meant that the error dialog should better be displayed instantly.

John Baptist (jepst79) wrote :

Ok, that's what I hoped you meant. :)

As I understand gksudo, it is in fact a wrapper for sudo. That is, it always calls sudo regardless, and parses its output to determine if password entry was successful. The source of this bug is that sudo aborts with an error message that gksudo didn't expect.

I believe the bug is in package libgksu, in particular (I suspect) in gksu-run-helper.c.

To fix the bug, we don't need to fundamentally change the behavior of gksudo, we just need to make sure that it deals appropriately with unexpected output from its child process.
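
The failure mode discussed in the comment above (a wrapper that goes silent when its child prints something it did not expect) can be avoided by always capturing the child's stderr and treating unrecognised output as an error to display. This is an added example, not part of the thread and not libgksu code; `run_helper`, the result codes and the list of matched sudo messages are assumptions chosen for illustration.

```c
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Hypothetical result codes for illustration; not libgksu's own. */
enum helper_result { HELPER_OK, HELPER_DENIED, HELPER_UNEXPECTED, HELPER_SPAWN_ERROR };

/* Exec argv directly (no shell), capture its stderr in msg, classify the outcome. */
enum helper_result run_helper(char *const argv[], char *msg, size_t msglen)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    char buf[256];

    if (msglen == 0 || pipe(fds) != 0)
        return HELPER_SPAWN_ERROR;
    msg[0] = '\0';
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]); close(fds[1]);
        return HELPER_SPAWN_ERROR;
    }
    if (pid == 0) {                      /* child: route stderr into the pipe */
        close(fds[0]);
        dup2(fds[1], STDERR_FILENO);
        execvp(argv[0], argv);
        _exit(127);                      /* exec failed */
    }
    close(fds[1]);
    /* Keep what fits; keep draining so the child never blocks on a full pipe. */
    while ((n = read(fds[0], buf, sizeof buf)) > 0) {
        size_t room = msglen - 1 - used;
        size_t take = (size_t)n < room ? (size_t)n : room;
        memcpy(msg + used, buf, take);
        used += take;
    }
    msg[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0)
        return HELPER_SPAWN_ERROR;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return HELPER_OK;
    /* Sample sudo refusal texts (assumed list); anything else is still reported. */
    if (strstr(msg, "is not in the sudoers file") || strstr(msg, "incorrect password"))
        return HELPER_DENIED;
    return HELPER_UNEXPECTED;            /* caller shows msg instead of exiting silently */
}
```

Every non-zero exit ends in a result code plus the captured text, so a graphical front end has something to put in an error dialog even for a message it has never seen.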

Gunnar Hjalmarsson (gunnarhj) wrote :

I didn't dig that deep in the code, but your analysis sounds plausible to me. Are you possibly about to write a patch? :)

John Baptist (jepst79) wrote :

I'm trying to. I've found the particular problem, but this code is riddled with bugs.

Gunnar Hjalmarsson (gunnarhj) wrote :

Does not sound good, considering the security aspects. :(

Please note that Debian should probably be involved. https://wiki.ubuntu.com/Debian/ForUbuntuDevelopers

I noticed that the version of gksu that is available for Maverick is considered unstable by Debian. http://packages.debian.org/gksu
Can't help wondering why it's included in a released Ubuntu version.

Anyway, great that you try to help fix it. Happy coding! :)

Gunnar Hjalmarsson (gunnarhj) wrote :

Nothing to do in gdm-guest-session, so setting status "Invalid". Leaving package gksu (ubuntu) unchanged.

Changed in gdm-guest-session (Ubuntu):
status: Confirmed → Invalid
no longer affects: gdm-guest-session (Ubuntu)