Can't elevate privileges on administrative tasks

Bug #398849 reported by Darren on 2009-07-13
This bug affects 16 people
Affects (status, importance, assigned to):
GTK+: status Fix Released, importance Medium
gtk+2.0 (Ubuntu): importance High, assigned to Ubuntu Desktop Bugs (declined for Karmic by Sebastien Bacher)
libgksu (Ubuntu): importance High, assigned to Michael Vogt (declined for Karmic by Sebastien Bacher)

Bug Description

using sudo from terminal works, gksu/gksudo fails to accept correct password.
--
Binary package hint: gksu

Description: Ubuntu karmic (development branch)
Release: 9.10

After updates this morning, any task that prompts for an administrative password "enter your password to perform administrative tasks" (ex. Update Manager) is not accepting my password and responds with "Incorrect password... try again"

I changed my password and still get the same results. Launching the programs from an already elevated shell lets me use them normally as they no longer ask for a password.

To reproduce on my system.

1. Open terminal and run "gksudo gedit"
2. Enter Password
3. Receive "incorrect password" message

Would expect password to be accepted.

Changed in gksu (Ubuntu):
status: New → Confirmed
Charlie Kravetz (charlie-tca) wrote :

Thanks for reporting this bug and any supporting documentation. Since this bug has enough information provided for a developer to begin work, I'm going to mark it as confirmed and let them handle it from here.

I am attaching several log reports; syslog gives the following error:
"Jul 13 09:24:58 wecan console-kit-daemon[3412]: WARNING: Couldn't read /proc/3411/environ: Failed to open file '/proc/3411/environ': No such file or directory ".
~/.xsessions-error log gives me "Gtk-Message: Failed to load module "canberra-gtk-module": /usr/lib/gtk-2.0/modules/libcanberra-gtk-module.so: wrong ELF class: ELFCLASS64" also.
I don't know if it applies or not. Also attaching the dpkg.log from today's updates, and auth.log which shows the failed password attempts. I can enter the password using 'sudo' and have it accepted.

I am marking this as a security risk, since I don't know what the actual effects of this issue are.

 Thanks for taking the time to make Ubuntu better!

Changed in gksu (Ubuntu):
importance: Undecided → High
status: Confirmed → Triaged
Charlie Kravetz (charlie-tca) wrote :
description: updated
tags: added: karmic
security vulnerability: no → yes
Kib Reed (kib) wrote :

Not sure if the information is useful, but this issue occurs on both my amd64 system and my i386 installation.

Jacob Peddicord (jpeddicord) wrote :

Is this really a security vulnerability? Nothing as far as I can see is vulnerable, gksu just isn't able to authenticate.

I just got hit by this too. I can't even run apport on gksu, it says it doesn't exist:
$ apport-cli -fp gsku

*** Collecting problem information

The collected information can be sent to the developers to improve the
application. This might take a few minutes.
.
*** Error: Invalid problem report

Package gsku does not exist

Press any key to continue...

Charlie Kravetz (charlie-tca) wrote :

jacob: I do not know the full ramifications of this issue. I could not make that determination, as I stated when confirming this issue. I will allow the security team to decide, they are the experts in security.

Sebastien Bacher (seb128) wrote :

The issue is not a security one; it's just gtk giving the password as "******" rather than giving the text to sudo.

security vulnerability: yes → no
Michael Vogt (mvo) on 2009-07-13
Changed in gksu (Ubuntu):
assignee: nobody → Michael Vogt (mvo)
status: Triaged → Fix Committed
affects: gksu (Ubuntu) → libgksu (Ubuntu)
Changed in gtk+2.0 (Ubuntu):
assignee: nobody → Ubuntu Desktop Bugs (desktop-bugs)
importance: Undecided → High
status: New → Confirmed
Michael Vogt (mvo) wrote :

This diff should work around it:

diff -u libgksu-2.0.12/debian/changelog libgksu-2.0.12/debian/changelog
--- libgksu-2.0.12/debian/changelog
+++ libgksu-2.0.12/debian/changelog
@@ -1,3 +1,11 @@
+libgksu (2.0.12-1ubuntu3) karmic; urgency=low
+
+ * debian/patches/02_woraround_gtk_editable_bug.patch:
+ - workaround problem in gtk 2.17.4 with gtkeditable
+ (LP: #398849)
+
+ -- Michael Vogt <email address hidden> Mon, 13 Jul 2009 18:39:44 +0200
+
 libgksu (2.0.12-1ubuntu2) karmic; urgency=low

   * debian/patches/01_revert_forkpty.patch:
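
Review bot: The patch file name in the new changelog entry, 02_woraround_gtk_editable_bug.patch, misspells "workaround", and the name will persist in debian/patches and in every later changelog reference, so it is worth correcting before upload. The entry text "workaround problem in gtk 2.17.4 with gtkeditable" also does not say which call is replaced or that the patch is temporary; naming the switch from gtk_editable_get_chars to gtk_entry_get_text and noting that the patch can be dropped once GTK is fixed would tell the next uploader when it is safe to remove.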
only in patch2:
unchanged:
--- libgksu-2.0.12.orig/debian/patches/02_woraround_gtk_editable_bug.patch
+++ libgksu-2.0.12/debian/patches/02_woraround_gtk_editable_bug.patch
@@ -0,0 +1,15 @@
+diff -Nur -x '*.orig' -x '*~' libgksu-2.0.12/libgksuui/gksuui-dialog.c libgksu-2.0.12.new/libgksuui/gksuui-dialog.c
+--- libgksu-2.0.12/libgksuui/gksuui-dialog.c 2008-05-09 19:39:54.000000000 +0200
++++ libgksu-2.0.12.new/libgksuui/gksuui-dialog.c 2009-07-13 18:41:20.598305294 +0200
+@@ -527,9 +527,9 @@
+ gchar*
+ gksuui_dialog_get_password (GksuuiDialog *dialog)
+ {
+- GtkEditable *entry = GTK_EDITABLE(dialog->entry);
++ GtkEntry *entry = GTK_ENTRY(dialog->entry);
+
+- return gtk_editable_get_chars (entry, 0, -1);
++ return gtk_entry_get_text (entry);
+ }
+
+ /**
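
Review bot: The new return statement in gksuui_dialog_get_password changes who owns the returned string. gtk_editable_get_chars returns a newly allocated copy that the caller frees, while gtk_entry_get_text returns a const pointer to the entry's internal buffer that must not be freed or modified, yet the function still declares gchar* as its return type. Any caller that frees the password after use, or overwrites it before freeing, would now be acting on the widget's own storage. Returning g_strdup (gtk_entry_get_text (entry)) keeps the existing contract for callers while still avoiding the broken GtkEditable path.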

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libgksu - 2.0.12-1ubuntu3

---------------
libgksu (2.0.12-1ubuntu3) karmic; urgency=low

  * debian/patches/02_woraround_gtk_editable_bug.patch:
    - workaround problem in gtk 2.17.4 with gtkeditable
      (LP: #398849)

 -- Michael Vogt <email address hidden> Mon, 13 Jul 2009 18:39:44 +0200

Changed in libgksu (Ubuntu):
status: Fix Committed → Fix Released
Changed in gtk+2.0 (Ubuntu):
status: Confirmed → Triaged
Jean.c.h (slug71) wrote :

Confirmed here too. This also happens with Update Manager for me.

Changed in gtk:
status: Unknown → New
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gtk+2.0 - 2.17.4-0ubuntu2

---------------
gtk+2.0 (2.17.4-0ubuntu2) karmic; urgency=low

  * debian/patches/092_git_fix_gtkentry_get_chars.patch:
    - git change to fix an issue with gtk_entry_get_chars (lp: #398849)
  * debian/patches/093_git_fix_single_include_error.patch:
    - git change to not enforce single include for gtkentry
  * debian/rules:
    - updated shlibs version

 -- Sebastien Bacher <email address hidden> Mon, 13 Jul 2009 19:47:54 +0200

Changed in gtk+2.0 (Ubuntu):
status: Triaged → Fix Released
Dave Stroud (bigdavesr) wrote :

Just ran the update fix, mine is now working fine. Thanks.

Darren (darren-insanities) wrote :

After applying updates (libgksu2-0 (2.0.12-1ubuntu2) to 2.0.12-1ubuntu3) everything is now working as expected.

Changed in gtk:
status: New → Fix Released
jfgordon (jfgordon2) wrote :

This started happening to me immediately after I installed gparted - installed daily CD 9/26/09. After that package, applications that required admin privileges came up with additional options to remember the password, etc, but wouldn't accept my password - can't even launch the terminal from the menu, but I can launch things as root by Alt-F2 gksu and then launching whatever I need like gnome-terminal...etc. I made sure that my user name was still part of the admin group, but I wouldn't know where to begin beyond just a few basics... I'm getting all sorts of errors when just trying to run gnome-system-log:

root@lappy1537:/home/jeff# gnome-system-log
GConf Error: Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://projects.gnome.org/gconf/ for information. (Details - 1: Server ping error: IDL:omg.org/CORBA/COMM_FAILURE:1.0)
GConf Error: Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://projects.gnome.org/gconf/ for information. (Details - 1: Server ping error: IDL:omg.org/CORBA/COMM_FAILURE:1.0)
GConf Error: Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://projects.gnome.org/gconf/ for information. (Details - 1: Server ping error: IDL:omg.org/CORBA/COMM_FAILURE:1.0)
GConf Error: Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://projects.gnome.org/gconf/ for information. (Details - 1: Server ping error: IDL:omg.org/CORBA/COMM_FAILURE:1.0)
GConf Error: Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://projects.gnome.org/gconf/ for information. (Details - 1: Server ping error: IDL:omg.org/CORBA/COMM_FAILURE:1.0)
GConf Error: Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://projects.gnome.org/gconf/ for information. (Details - 1: Server ping error: IDL:omg.org/CORBA/COMM_FAILURE:1.0)
**
gnome-system-log:ERROR:logview-prefs.c:540:logview_prefs_store_fontsize: assertion failed: (fontsize > 0)
Aborted (core dumped)

And when I run gksu from this terminal, and try to run 'synaptic' as user 'jeff'

root@lappy1537:/home/jeff# gksu
GConf Error: Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://projects.gnome.org/gconf/ for information. (Details - 1: Server ping error: IDL:omg.org/CORBA/COMM_FAILURE:1.0)
GConf Error: Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale ...

Changed in gtk:
importance: Unknown → Medium