[Bug 1163606] New: Konsole opens as root from krunner
http://bugzilla.opensuse.org/show_bug.cgi?id=1163606 Bug ID: 1163606 Summary: Konsole opens as root from krunner Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: openSUSE Factory Status: NEW Severity: Normal Priority: P5 - None Component: KDE Workspace (Plasma) Assignee: opensuse-kde-bugs@opensuse.org Reporter: petersenmde@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I activate krunner using Alt Space, type konsole, hit enter. Konsole opens as root user not as the user I'm logged in as: workstation:~# whoami root workstation:~# echo $PATH /sbin:/bin:/usr/sbin:/usr/bin:/home/user1/bin:/usr/local/bin:/usr/bin:/bin:/usr/lib/mit/bin When I open Konsole from the Application Menu: konsole, hit enter. Konsole opens as the user I'm logged in as: workstation:~> whoami user1 workstation:~> echo $PATH /home/user1/bin:/usr/local/bin:/usr/bin:/bin:/usr/lib/mit/bin workstation:~> cat /etc/os-release NAME="openSUSE Tumbleweed" # VERSION="20200207" ID="opensuse-tumbleweed" ID_LIKE="opensuse suse" VERSION_ID="20200207" PRETTY_NAME="openSUSE Tumbleweed" ANSI_COLOR="0;32" CPE_NAME="cpe:/o:opensuse:tumbleweed:20200207" BUG_REPORT_URL="https://bugs.opensuse.org" HOME_URL="https://www.opensuse.org/" LOGO="distributor-logo" KDE Plasma Version: 5.17.5 KDE Frameworks Version: 5.66.0 Qt Version: 5.14.1 Kernel Version: 5.5.1-1-default OS Type: 64-bit workstation:~# w 10:24:55 up 3 days, 13 min, 4 users, load average: 1.63, 1.39, 1.30 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT STAT1\us tty7 :0 Mon10 3days 21:51 0.06s /usr/bin/startplasma-x11 STAT1\us pts/0 :0 Mon10 3days 0.00s 24.85s kded5 root pts/1 :0 10:11 0.00s 0.04s 0.00s w STAT1\us pts/2 :0 10:20 12.00s 0.04s 0.04s /bin/bash This workstation is joined to a Samba 4.10.13 domain via Yast and uses winbind for user authentication. This issue does not exhibit itself directly after a reboot, but sometime after some amount of uptime. - Notice that the computer has been up for just over 3 days. I recall on the reddit.com/r/OpenSUSE that a user reported a similar issue. Here is the link: https://www.reddit.com/r/openSUSE/comments/dzz4gd/possible_escalation_of_pri... Mark -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1163606 Mark Petersen <petersenmde@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |petersenmde@gmail.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1163606 http://bugzilla.opensuse.org/show_bug.cgi?id=1163606#c1 Fabian Vogt <fvogt@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CONFIRMED CC| |fvogt@suse.com Flags| |needinfo?(petersenmde@gmail | |.com) --- Comment #1 from Fabian Vogt <fvogt@suse.com> --- Copying the analysis from the reddit thread:
Ok, so this is what happens: You start dolphin as root with kdesu, which starts a private (empty) DBus session dolphin uses kactivitymanager API over DBus, causing kactivitymanagerd to start kactivitymanagerd uses kglobalaccel API over DBus, causing kglobalaccel to start kglobalaccel5 starts and registers global shortcuts using X11 You press Alt-F2 to start krunner, which gets handled by the kglobaaccel5 running as root (by chance) I've got an idea how this could be avoided, but it's not great as it might break some valid usecase somewhere. If you can, please try this > kglobalaccel patch: https://paste.opensuse.org/view/raw/c2840f8d
Can you try the patch? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1163606 http://bugzilla.opensuse.org/show_bug.cgi?id=1163606#c2 --- Comment #2 from Mark Petersen <petersenmde@gmail.com> --- Created attachment 830072 --> http://bugzilla.opensuse.org/attachment.cgi?id=830072&action=edit journal Attached is the journal -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1163606 http://bugzilla.opensuse.org/show_bug.cgi?id=1163606#c3 --- Comment #3 from Mark Petersen <petersenmde@gmail.com> --- I'll try to compile with your patch, but I will need some pointers on what I need to build (All of KDE or just a few of the components). I looked through the reddit post, but don't see where your quoted text comes from. I did open Dolphin in Super User Mode yesterday. Thanks. Mark -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1163606 http://bugzilla.opensuse.org/show_bug.cgi?id=1163606#c4 --- Comment #4 from Fabian Vogt <fvogt@suse.com> --- (In reply to Mark Petersen from comment #3)
I'll try to compile with your patch, but I will need some pointers on what I need to build (All of KDE or just a few of the components).
Just kglobalaccel.
I looked through the reddit post, but don't see where your quoted text comes from.
It's several layers deep, so not on the first page.
I did open Dolphin in Super User Mode yesterday.
Thanks.
Mark
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1163606 http://bugzilla.opensuse.org/show_bug.cgi?id=1163606#c5 --- Comment #5 from Mark Petersen <petersenmde@gmail.com> --- I'm getting the following output while trying to apply the patch: patching file src/runtime/main.cpp Reversed (or previously applied) patch detected! Assume -R? [n] Apply anyway? [n] Skipping patch. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com