[Bug 688267] New: KDE fails to remember authorization for polkit org.kde.powerdevil.backlighthelper.brightness
https://bugzilla.novell.com/show_bug.cgi?id=688267 https://bugzilla.novell.com/show_bug.cgi?id=688267#c0 Summary: KDE fails to remember authorization for polkit org.kde.powerdevil.backlighthelper.brightness Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: All OS/Version: openSUSE 11.4 Status: NEW Severity: Normal Priority: P5 - None Component: KDE4 Workspace AssignedTo: kde-maintainers@suse.de ReportedBy: masterpatricko@gmail.com QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0.0) Gecko/20100101 Firefox/4.0 Default installation of openSUSE 11.4 / KDE 4.6. Whenever resuming from standby or switching to console and back, user is prompted for password to set brightness level (polkit action org.kde.powerdevil.backlighthelper.setbrightness). Option to "Remember authorization", with or without "for this session only", does not behave as described. Reproducible: Always Steps to Reproduce: 1. Standby or switch to console, then return 2. Fill in password as requested by polkit, choosing "Remember authorization" 3. Try standby / console again Actual Results: Prompted for password again Expected Results: Authorization is retained Adjusting brightness while KDE is running works fine. Is this an active/inactive console problem? I notice that the default privs are auth_admin:auth_admin:auth_admin (no keep_always, though I tried that and it didn't work either) Workaround is to add to /etc/polkit-default-privs.local org.kde.powerdevil.backlighthelper.brightness yes:yes:yes org.kde.powerdevil.backlighthelper.setbrightness yes:yes:yes and run /sbin/set_polkit_default_privs -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=688267 https://bugzilla.novell.com/show_bug.cgi?id=688267#c1 Tejas Guruswamy <masterpatricko@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P2 - High Summary|KDE fails to remember |KDE fails to remember |authorization for polkit |authorization for polkit |org.kde.powerdevil.backligh | |thelper.brightness | Severity|Normal |Major --- Comment #1 from Tejas Guruswamy <masterpatricko@gmail.com> 2011-04-25 08:48:19 UTC --- Actually KDE seems to fail to "Remember authorization" from all PolKit dialogs, not just the set brightness one. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=688267 https://bugzilla.novell.com/show_bug.cgi?id=688267#c2 Sven Burmeister <sven.burmeister@gmx.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |sven.burmeister@gmx.net --- Comment #2 from Sven Burmeister <sven.burmeister@gmx.net> 2011-06-27 22:14:20 UTC --- It always worked for me. What's special about your setup – or mine? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=688267 https://bugzilla.novell.com/show_bug.cgi?id=688267#c3 --- Comment #3 from Tejas Guruswamy <masterpatricko@gmail.com> 2011-06-27 22:42:37 UTC --- Any clues on which specific bits to look at? Does polkit-kde keep configuration files or logs? This issue has come up on the mailing lists for others as well. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=688267 https://bugzilla.novell.com/show_bug.cgi?id=688267#c4 --- Comment #4 from Ludwig Nussel <lnussel@novell.com> 2011-06-28 15:58:44 CEST --- polkit1 has no means to control "remember authorization" IIRC. It just does that always for a certain time and then forgets about it if the setting is auth_admin_keep. Switching the active console will activate a different setting. So the default setting of auth_admin:auth_admin:yes will require authorization if KDE tries to set brightness while in the background. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=688267 https://bugzilla.novell.com/show_bug.cgi?id=688267#c5 --- Comment #5 from Sven Burmeister <sven.burmeister@gmx.net> 2011-06-28 15:03:08 UTC --- What I do not understand is that I am never asked for any brightness change, not after resuming, nor after changing to tty1 or anything else. So why do some get that dialogue and I do not? Does it depend on the notebook one uses? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=688267 https://bugzilla.novell.com/show_bug.cgi?id=688267#c6 --- Comment #6 from Ludwig Nussel <lnussel@novell.com> 2011-06-28 17:27:07 CEST --- Some hardware allows to change brightness via an X extension AFAIK, no policykit involved then. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=688267 https://bugzilla.novell.com/show_bug.cgi?id=688267#c7 --- Comment #7 from Sven Burmeister <sven.burmeister@gmx.net> 2011-06-28 15:31:38 UTC --- Ah, sounds like a sensible explanation. Is there a way to check what kind of hardware one's notebook is using? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=688267 https://bugzilla.novell.com/show_bug.cgi?id=688267#c8 --- Comment #8 from Tejas Guruswamy <masterpatricko@gmail.com> 2011-06-29 11:06:31 UTC --- Further descriptions of the problem http://lists.opensuse.org/opensuse/2011-05/msg00857.html http://lists.opensuse.org/opensuse-kde/2011-04/msg00094.html http://lists.opensuse.org/opensuse-kde/2011-03/msg00078.html If polkit can't remember authorizations, why is that option available in the KDE polkit authorization dialog box? If it is true that there is no remember authorization facility, then something else has to be changed because asking for root password every time you wake the laptop is clearly unreasonable. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=688267 https://bugzilla.novell.com/show_bug.cgi?id=688267#c9 Robert Davies <rob.opensuse.linux@googlemail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rob.opensuse.linux@googlema | |il.com --- Comment #9 from Robert Davies <rob.opensuse.linux@googlemail.com> 2011-07-06 12:23:09 UTC --- I received this after returning from locked (blank) screen saver on i686, Tumbleweed install. System policies prevent you from getting the brighness level. An application is attempting to perform an action that requires privileges. Authentication is req'd .. Password for root: [ ] Remember authorization Application : Action: Get brighness Vendor: KDE polkit.subject.pid: 3226 polkit.caller.pid: 3971 ladm@oak:~> ps aux |grep 3971 root 3971 0.0 0.7 38152 7428 ? Sl 11:37 0:00 /usr/lib/kde4/libexec/backlighthelper This popup authorisation should BE REMOVED, for security reasons it is very VERY misguided to have low level software be capable of asking for "authentication" at some random point. The purpose of authentication in features like login, su or kdesu, are to prove that you have "root access", the program already has the privileges. This ridiculous request for root pass for backlighthelper, will encourage social engineering pass collection attacks via popups, as well as infuriate end users, worse than Windows UAC (there a confirmation click on screen dim, is all that's required)! Issues like this should be handled by an error pop up, if the privileges of a "helper" program are insufficient for it to operate, it's a configuration error. The bug "rembering authorisation" ought not to be fixed, but the root pass Authentication, ought only be possible for programs that are setuid or have gain privileged capabilities, and wish to verify the end user's right. There's a design error in way polkit is implemented it seems, think LWN had an article a while back to on similar problems in Fedora, polkit introduction. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=688267 https://bugzilla.novell.com/show_bug.cgi?id=688267#c10 --- Comment #10 from Robert Davies <rob.opensuse.linux@googlemail.com> 2011-07-13 11:52:54 UTC --- Had similar (but different) crazy popup asking for root password, for something wanting access to package kit, I suspect the updater applet. Unfortunately the popup disappearred before I copy and pasted the details to save them, this just reinforces my opinion that this "get root password" popup should be changed to something sane, like "Progam X does not have the rights in policy kit to do Y". -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=688267 https://bugzilla.novell.com/show_bug.cgi?id=688267#c11 Will Stephenson <wstephenson@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |wstephenson@suse.com Resolution| |DUPLICATE Severity|Major |Critical --- Comment #11 from Will Stephenson <wstephenson@suse.com> 2011-11-17 23:50:57 UTC --- Dupe *** This bug has been marked as a duplicate of bug 680586 *** http://bugzilla.novell.com/show_bug.cgi?id=680586 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com