lxqt-policykit crashes with general protection fault in libgobject-2.0

Bug #1875774 reported by Chris Guiver
46
This bug affects 9 people
Affects Status Importance Assigned to Milestone
LXQt
New
Unknown
lxqt-policykit (Ubuntu)
High
Unassigned

Bug Description

[Impact]
On Lubuntu systems with more than one sudoer, lxqt-policykit prior to version 0.17.0 crashes due to calling g_object_unref twice on the same object.

[Test Plan]
STEPS TO REPRODUCE
==================
 1. Boot post-18.04 Lubuntu
 2. Use lxqt-admin-user to create a second user (let's call it user2)
 3. Use lxqt-admin-user to add user2 to sudo
 4. Logout and back in again (yes, this is a requirement to reproduce— if you want, you can first remove user2's sudo and it will work, but then add it back and continue on)
 5. User lxqt-admin-user to try to remove user2's membership in the sudo group (fail)
 6. Try running pkexec against something. Since synaptic is well set up for it, this is a good example, so install synaptic and run `synaptic-pkexec` (fail)
 7. Remove user2's membership in the sudo group for sure with `sudo usermod -G "" user2`
 8. Try running the pkexec command again (success)

EXPECTED RESULT
===============
Both the pkexec and the lxqt-admin-user change succeed without crashing.

ACTUAL RESULT
=============
lxqt-policykit crashes, e.g:
[ 764.849494] traps: lxqt-policykit-[1598] general protection fault ip:7f8c94773671 sp:7ffc5acf6618 error:0 in libgobject-2.0.so.0.6400.2[7f8c94745000+36000]

[Regression Potential]
It might be possible, that not all sessions are deleted.
Or the patch was not properly updated and introduces new bugs.

[Other info]
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: lxqt-admin 0.14.1-1ubuntu1
ProcVersionSignature: Ubuntu 5.4.0-28.32-generic 5.4.30
Uname: Linux 5.4.0-28-generic x86_64
ApportVersion: 2.20.11-0ubuntu27
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: LXQt
Date: Wed Apr 29 12:04:34 2020
InstallationDate: Installed on 2020-04-28 (0 days ago)
InstallationMedia: Lubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
SourcePackage: lxqt-admin
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Chris Guiver (guiverc) wrote :
Revision history for this message
Chris Guiver (guiverc) wrote :

guiverc@dc7700-lub:~$ strace /usr/bin/lxqt-admin-user 2>lxqt-admin-user_rm_pw_admin_from_sudo.strace

On executing, there is some mouse movement as I drag window to a comfortable position, then I tried to keep movement to a minimum as I selected 'pw_admin' user, properties & tried to remove 'sudo' rights..

Revision history for this message
Chris Guiver (guiverc) wrote :

the strace in #2 maybe different; I cannot find

`statx(AT_FDCWD, "/usr/local/sbin`

that I can see in screen output when executed without saving output & Authentication box appears just prior to error.popup.

summary: - Lubuntu 20.04 xlqt-admin-user Action (usermod) failed
+ Lubuntu 20.04 lxqt-admin-user Action (usermod) failed
Revision history for this message
Chris Guiver (guiverc) wrote : Re: Lubuntu 20.04 lxqt-admin-user Action (usermod) failed

this is comment #2 repeated (after delay to ensure privileges were lost)

I can find

`statx(AT_FDCWD, "/usr/local/sbin/pkexec",`

on this one, which is where I suspect near/where things go wrong..

Revision history for this message
Chris Guiver (guiverc) wrote :

User @scro on https://discourse.lubuntu.me/t/no-authorization-after-adding-user/1033/11 indicated an opinion that it maybe a regression...

"Interestingly though, when I use a stick with version 19.10 with multiple users and do an update, everything works just fine. It doesn’t work with a new installation though."

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in lxqt-admin (Ubuntu):
status: New → Confirmed
Revision history for this message
Erik Carmack (eriktech) wrote :

I can confirm this problem when a new Lubuntu 20.04 is installed.

Revision history for this message
linuxball (linuxball) wrote :

I can confirm this issue after a fresh install of Lubuntu 20.04 on a Medion Akoya P8610, too.

Revision history for this message
Davide Verne' (psychotrain65) wrote :

I can confirm the issue after a fresh install of Lubuntu 20.04 on an old Asus X201E.

I could revert the behaviour to normal deleting adm and sudo from second user groups. It seems that Lubuntu 20.04 accepts only one admin...

Revision history for this message
Chris (geekfrog) wrote :

synaptic starts ok with sudo (don't do this?!) but not with the desktop entry which is basically `pkexec synaptic`. So I think this supports Chris's hypothesis

Revision history for this message
q4a (q4a) wrote :

I'm getting
[ 598.506741] traps: lxqt-policykit-[1687] general protection fault ip:7f1023e0f671 sp:7ffdc0298888 error:0 in libgobject-2.0.so.0.6400.3[7f1023de1000+36000]

After running `synaptic-pkexec` and enter password.

Check this bug (may be related or duplicate) - https://bugs.launchpad.net/ubuntu/+source/lxqt-policykit/+bug/1899782

Revision history for this message
Uwe Maas (littlealf) wrote :

I can confirm the remedie of removing all other users except one from the sudo group (see psychotrain65 from 2020-06-14):

I had two users as sudo. I removed them alternately. As long as I had only one user in sudo everything worked as expected. It did not matter which user. As soon as two users were in sudo the admin-user action failed.

Why does Lubuntu support one user in sudo only?

Revision history for this message
Walter Lapchynski (wxl) wrote :

So the steps to reproduce this are somewhat unclear, so let me know if I did anything wrong:

 1. Boot fresh installation of Lubuntu 20.04
 2. Use lxqt-admin-user to create a second user (let's call it user2)
 3. Use lxqt-admin-user to add user2 to sudo
 4. Logout and back in again (yes, this is a requirement to reproduce— if you want, you can first remove user2's sudo and it will work, but then add it back and continue on)
 5. User lxqt-admin-user to try to remove user2's membership in the sudo group (fail)
 6. Try running pkexec against something. Since synaptic is well set up for it, this is a good example, so install synaptic and run `synaptic-pkexec` (fail)
 7. Remove user2's membership in the sudo group for sure with `sudo usermod -G "" user2`
 8. Try running the pkexec command again (success)

I did check this also against the adm group and it didn't seem to have an effect.

Anyways, I'm pretty sure the error, if anywhere, exists in lxqt-policykit. It's had like almost zero upstream issues, so that's interesting.

It's also possible this is a pkexec issue of some kind. It has caused many headaches for folks.

I'm updating my machine running off of LXQt's git master and we'll see if it behaves any better.

Revision history for this message
Uwe Maas (littlealf) wrote :

@wxl:

Yes, your steps to reproduce are correct. Except that I did not try it with pkexec. Instead I tried it with diskmanager, which automatically asks for root privileges. (I do not know which program it invokes.)

Revision history for this message
Walter Lapchynski (wxl) wrote :

Well, I've confirmed this with the latest upstream sources.

Revision history for this message
Walter Lapchynski (wxl) wrote :

BTW I happened to have an Eoan VM laying around and tested it out and found the same problem. so this has actually been long standing. We'll see what upstream says.

affects: lxqt-admin (Ubuntu) → lxqt-policykit (Ubuntu)
Changed in lxqt-policykit (Ubuntu):
importance: Undecided → High
status: Confirmed → Triaged
summary: - Lubuntu 20.04 lxqt-admin-user Action (usermod) failed
+ lxqt-policykit crashes with general protection fault in libgobject-2.0
Walter Lapchynski (wxl)
description: updated
Changed in lxqt:
status: Unknown → New
Revision history for this message
Bryan Cebuliak (bryan-cebuliak-gmail) wrote :

According to upstream this bug is fixed in lxqt-policykit 0.17.0. However, there are no Debian or Ubuntu packages to test above 0.16.0.
https://github.com/lxqt/lxqt-policykit/issues/117

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxqt-policykit - 0.17.0-0ubuntu1

---------------
lxqt-policykit (0.17.0-0ubuntu1) impish; urgency=medium

  * New upstream release 0.17.0 (LP: #1875774)
  * Update debian/control
    - Bump Standards-Version to 4.5.1
    - Use liblxqt0-dev 0.17.0
    - Extend lxqt-policykit-l10n package description
  * Update debian/copyright

 -- apt-ghetto <email address hidden> Fri, 13 Aug 2021 14:41:25 +0200

Changed in lxqt-policykit (Ubuntu):
status: Triaged → Fix Released
apt-ghetto (apt-ghetto)
description: updated
Revision history for this message
apt-ghetto (apt-ghetto) wrote :

debdiff for hirsute

Revision history for this message
apt-ghetto (apt-ghetto) wrote :

debdiff for focal

description: updated
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.