[Bug 637215] New: Yast will not start from Gnome System menu
https://bugzilla.novell.com/show_bug.cgi?id=637215
https://bugzilla.novell.com/show_bug.cgi?id=637215#c0

Summary: Yast will not start from Gnome System menu
Classification: openSUSE
Product: openSUSE 11.3
Version: Final
Platform: x86-64
OS/Version: openSUSE 11.3
Status: NEW
Severity: Normal
Priority: P5 - None
Component: GNOME
AssignedTo: bnc-team-gnome@forge.provo.novell.com
ReportedBy: support@microtechniques.com
QAContact: qa@suse.de
Found By: ---
Blocker: ---

Created an attachment (id=387641) --> (http://bugzilla.novell.com/attachment.cgi?id=387641) console messages

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 (.NET CLR 3.5.30729)

Although Yast is listed on the Gnome System menu, it will not start when selected. It will start when called as yast2 from a text-mode command line. There are several errors in the logs which are attached.

Reproducible: Always

Steps to Reproduce:
1. startx
2. Select Computer
3. Select YaST from System menu

Actual Results: Absolutely nothing

Expected Results: Yast system startup

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=637215#c1
--- Comment #1 from Don Hughes
https://bugzilla.novell.com/show_bug.cgi?id=637215#c2
Ricardo Cruz
https://bugzilla.novell.com/show_bug.cgi?id=637215#c3
--- Comment #3 from Ricardo Cruz
https://bugzilla.novell.com/show_bug.cgi?id=637215#c
Ricardo Cruz
https://bugzilla.novell.com/show_bug.cgi?id=637215#c4
--- Comment #4 from Ricardo Cruz
https://bugzilla.novell.com/show_bug.cgi?id=637215#c5
--- Comment #5 from Don Hughes
https://bugzilla.novell.com/show_bug.cgi?id=637215#c6
--- Comment #6 from Ricardo Cruz
https://bugzilla.novell.com/show_bug.cgi?id=637215#c7
--- Comment #7 from Don Hughes
https://bugzilla.novell.com/show_bug.cgi?id=637215#c8
Ricardo Cruz
https://bugzilla.novell.com/show_bug.cgi?id=637215#c9
--- Comment #9 from Vincent Untz
https://bugzilla.novell.com/show_bug.cgi?id=637215#c10
--- Comment #10 from Roman Drahtmueller
https://bugzilla.novell.com/show_bug.cgi?id=637215#c11
--- Comment #11 from Vincent Untz
Please have a look at the first few lines of /etc/permissions.paranoid . Then, reconsider.
Can you highlight the lines that tell it's okay to run a desktop session as root? :-) And I've not closed the bug, so it'll be considered. But it might be that there's nothing to fix because of the paranoid mode -- it needs investigation.
https://bugzilla.novell.com/show_bug.cgi?id=637215#c12
--- Comment #12 from Roman Drahtmueller
https://bugzilla.novell.com/show_bug.cgi?id=637215#c13
--- Comment #13 from Vincent Untz
Frankly, I don't feel inclined to comment on the desktop session as root thingy. :)
Ah apologies, I misunderstood, then :-) I'm tempted to agree with your conclusion, btw.
https://bugzilla.novell.com/show_bug.cgi?id=637215#c14
--- Comment #14 from Ricardo Cruz
https://bugzilla.novell.com/show_bug.cgi?id=637215#c15
--- Comment #15 from Vincent Untz
Looking at libgnomesu code, it looks like it supports both su and pam as privilege escalation methods. And, apparently, none of which can be used on the paranoid level.
Anyway, I wonder why, when getuid() == 0, gnomesu doesn't just do an execv() ?!
I guess we could.
Either way, Vincent, do you think this is worth showing an error window? I mean, gnomesu is rarely used via the command-line, so any error message should also be shown in a window...
On the other hand, libgnomesu seems to be lacking maintenance, and, without the supervision of someone knowledgeable of the code, I'm worried I might introduce some fatal bug in the process of adding an error window there.
If you write a patch, I'll review it. We're more or less upstream for gnomesu, now anyway (even though we don't use any real vcs for it, just our package).
https://bugzilla.novell.com/show_bug.cgi?id=637215#c16
--- Comment #16 from Don Hughes
https://bugzilla.novell.com/show_bug.cgi?id=637215#c17
--- Comment #17 from Vincent Untz
You say "that running X as root and having paranoid PERMISSION_SECURITY is weird: you should never run a desktop session as root". However, with paranoid PERMISSION_SECURITY, the only way that you CAN run X is as root.
And therefore I wouldn't use X in paranoid mode.
I have an application server that, unfortunately, requires a gui for some of its configuration. Normally, no one is logged into the system. I chose permissions.paranoid for the reduced attack exposure. When I need to make configuration changes, I start X. If you have suggestions for an alternative setup, I would appreciate your input.
I don't have any good suggestion here, unfortunately. I would probably change the mode from paranoid to secure while I have to run the config tool, but that's just me.
If permissions.paranoid was not intended to be used without modification, please rename it to permissions.paranoid.template, or permissions.paranoid.example; and please edit the comments.
You might want to file a different bug for this -- this is not for the GNOME team.
Regardless of how the permissions got changed - either through PERMISSION_SECURITY or manually - gnomesu should fail a little less obtusely. I have had this problem for a number of months, and it was not obvious that it was really a permissions issue.
Yes, we agree on that :-)
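Added example (not part of the thread and not libgnomesu's code): a C illustration of the two behaviours discussed in comments #15 and #17, running the command directly when the caller is already root and otherwise saying why escalation cannot work. It assumes the helper fails because it is missing, not root-owned, or has lost its setuid bit; the path /bin/su and all function names here are hypothetical.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum launch_plan { EXEC_DIRECT, USE_HELPER, NO_ESCALATION };

/* Pure decision: kept free of I/O so each case can be tested directly. */
enum launch_plan plan_launch(uid_t caller_uid, int helper_found,
                             uid_t helper_owner, mode_t helper_mode)
{
    if (caller_uid == 0)
        return EXEC_DIRECT;           /* already root: nothing to escalate */
    if (helper_found && helper_owner == 0 && (helper_mode & S_ISUID))
        return USE_HELPER;            /* setuid-root helper can switch user */
    return NO_ESCALATION;             /* e.g. setuid bit stripped by policy */
}

/* Inspect the helper on disk; on NO_ESCALATION write the reason into msg. */
enum launch_plan check_helper(const char *helper_path, uid_t caller_uid,
                              char *msg, size_t msglen)
{
    struct stat st;
    int found = (stat(helper_path, &st) == 0);
    enum launch_plan plan = found
        ? plan_launch(caller_uid, 1, st.st_uid, st.st_mode)
        : plan_launch(caller_uid, 0, 0, 0);
    if (plan == NO_ESCALATION) {
        if (!found)
            snprintf(msg, msglen, "%s not found", helper_path);
        else
            snprintf(msg, msglen, "%s is not setuid root (mode %04o); check "
                     "the permissions policy", helper_path,
                     (unsigned)(st.st_mode & 07777));
    }
    return plan;
}

int main(int argc, char **argv)
{
    char msg[256] = "";
    /* "/bin/su" is an assumed helper path for this example. */
    enum launch_plan plan = check_helper("/bin/su", getuid(), msg, sizeof msg);
    if (plan == EXEC_DIRECT && argc > 1)
        execv(argv[1], &argv[1]);     /* returns only if the exec failed */
    if (plan == NO_ESCALATION)
        fprintf(stderr, "cannot start privileged command: %s\n", msg);
    return plan == USE_HELPER ? 0 : 1;
}
```

A graphical front end would put the same message in its error dialog instead of stderr.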
https://bugzilla.novell.com/show_bug.cgi?id=637215#c18
--- Comment #18 from Ricardo Cruz
If you write a patch, I'll review it. We're more or less upstream for gnomesu, now anyway (even though we don't use any real vcs for it, just our package).
Here is a try. (I haven't tried it yet, since my laptop runs on Ubuntu.)
a) it calls show_error_window() in case su and pam fail.
b) show_error_window() forks and shows the error window asynchronously (just like service->spawn_async2() would). (presumably g_thread_init() and gtk_init() were already issued by the program -- since neither su.c nor gnomesu-auth-dialog.c does any initialization at this point)
c) gnomesu_spawn_command_sync() was changed to cope with the fact that, now, errors can be asynchronous stuff too.
https://bugzilla.novell.com/show_bug.cgi?id=637215#c19
Ricardo Cruz
https://bugzilla.novell.com/show_bug.cgi?id=637215#c20
--- Comment #20 from Ricardo Cruz
https://bugzilla.novell.com/show_bug.cgi?id=637215#c21
--- Comment #21 from Ricardo Cruz
https://bugzilla.novell.com/show_bug.cgi?id=637215#c22
--- Comment #22 from Ricardo Cruz
https://bugzilla.novell.com/show_bug.cgi?id=637215#c23
Dominique Leuenberger
https://bugzilla.novell.com/show_bug.cgi?id=637215#c24
--- Comment #24 from Don Hughes