[Bug 230283] New: Usb privilege retrieval
https://bugzilla.novell.com/show_bug.cgi?id=230283

           Summary: Usb privilege retrieval
           Product: openSUSE 10.2
           Version: Final
          Platform: x86
        OS/Version: SuSE Other
            Status: NEW
          Severity: Major
          Priority: P5 - None
         Component: KDE
        AssignedTo: kde-maintainers@suse.de
        ReportedBy: marcus90@gmail.com
         QAContact: qa@suse.de

After someone accesses a KDE program under root credentials, and in the same session a pen drive is plugged in, then the mount manager will open 2 instances of itself, one with the user credentials and one with the root credentials, and if you choose to open the drive in a folder with the root mount manager, it will open a file manager under root credentials without asking for a password.

It must be noted, though, that this happens even if the program with root credentials has been terminated before the plugging of the flash disk.

Thanks in Advance,
Marcus905

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=230283

------- Comment #1 from marcus90@gmail.com 2006-12-26 17:58 MST -------

After further testing I've found that this behaviour happens in approximately 9 cases out of 10, while in the remaining case only the root OR the user mount manager activates.

Also, this happens with any USB device of the USB MSD class with a medium inside, and, if the MSD is already plugged in, upon the insertion of a new medium.

Also, if somebody could, the correct summary for this bug should be changed to 'USB pen drive privilege escalation and retrieval' to better explain the problem.

Thanks in Advance,
Marcus905

https://bugzilla.novell.com/show_bug.cgi?id=230283

wstephenson@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |wstephenson@novell.com, coolo@novell.com
           Severity|Major                       |Normal
            Summary|Usb privilege retrieval     |Multiple kdeds try to handle media plug events

------- Comment #2 from wstephenson@novell.com 2007-01-09 06:44 MST -------

It's not a classic privilege escalation problem - each kde session (this includes the one started by root) has its own kded (KDE Daemon), which tries to handle the media plug event, and opens the media dialog. Each process keeps the correct privileges. In addition, hal prevents root from mounting devices.

The problem is that each kded attempts to handle the event simultaneously and without reference to each other, which is messy. kded should decide whether it should try to handle events, or else hal could impose a policy affecting which processes it will send events to.

My first attempt at a policy is "only the first desktop session should handle media plug events". I guess this is a job for resmgr. Coolo, what do you think?

https://bugzilla.novell.com/show_bug.cgi?id=230283

------- Comment #3 from coolo@novell.com 2007-01-09 07:11 MST -------

the first session is not good enough, the user expects the current session to prompt him. But if root can't mount, then root's kded shouldn't react at all, but this won't solve the real problem

https://bugzilla.novell.com/show_bug.cgi?id=230283

llunak@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
      Info Provider|                            |marcus90@gmail.com

------- Comment #4 from llunak@novell.com 2007-02-15 06:22 MST -------

> After someone accesses a kde program under root credentials

What exactly does that mean? I.e. how should one reproduce?

https://bugzilla.novell.com/show_bug.cgi?id=230283

marcus90@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW
      Info Provider|marcus90@gmail.com          |

------- Comment #5 from marcus90@gmail.com 2007-02-15 14:20 MST -------

> What exactly does that mean? I.e. how should one reproduce?

Try to do, as in my case:
$ su
and then after changing to root
# kppp
then again connect and plug a USB disk.

You will notice that 2 kdeds will pop up, one with root credentials and one with user credentials, even if you had just closed kppp (or the program executed as root).

https://bugzilla.novell.com/show_bug.cgi?id=230283

------- Comment #6 from llunak@novell.com 2007-02-16 09:15 MST -------

Created an attachment (id=119671)
 --> (https://bugzilla.novell.com/attachment.cgi?id=119671&action=view)
kdelibs patch

https://bugzilla.novell.com/show_bug.cgi?id=230283

------- Comment #7 from llunak@novell.com 2007-02-16 09:15 MST -------

Created an attachment (id=119672)
 --> (https://bugzilla.novell.com/attachment.cgi?id=119672&action=view)
kdebase3 patch

https://bugzilla.novell.com/show_bug.cgi?id=230283

llunak@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |Fix_is_Ready

------- Comment #8 from llunak@novell.com 2007-02-16 09:17 MST -------

Fixed upstream, here are the patches. I'm not sure it's even worth including them as patches, this is only about the case of running sudo or su that doesn't clear the environment and kdesu is not affected.

Note it's also different from bug #239611 (real multiple sessions trying to handle it).

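Added example, not part of the bug report or of the KDE patches: a heuristic check for the condition comment #8 describes, a root-owned process that still carries another user's session environment after su or sudo did not clear it. The variable lists, the `/root` home path and the two sample environments are assumptions constructed for illustration.

```python
import os

# Variables that tie a process to a login or desktop session (assumed lists).
IDENTITY_VARS = ("USER", "LOGNAME")
SESSION_VARS = ("DISPLAY", "XAUTHORITY", "SESSION_MANAGER")

def parse_environ(blob):
    """Parse a /proc/<pid>/environ blob: NUL-separated KEY=VALUE entries."""
    env = {}
    for item in blob.split(b"\0"):
        key, sep, value = item.partition(b"=")
        if sep and key:
            env[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env

def inherited_session_vars(uid, env, root_home="/root"):
    """For a root-owned process, return the variables that still point at
    another user's session; an empty dict means nothing was inherited."""
    if uid != 0:
        return {}
    leaked = {k: env[k] for k in IDENTITY_VARS if env.get(k, "root") != "root"}
    if env.get("HOME", root_home) != root_home:
        leaked["HOME"] = env["HOME"]
    if leaked:  # report session variables only alongside an identity mismatch
        leaked.update({k: env[k] for k in SESSION_VARS if k in env})
    return leaked

def scan_proc(proc="/proc"):
    """Yield (pid, leaked) for live root processes; needs read access to environ."""
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            uid = os.stat(os.path.join(proc, pid)).st_uid
            with open(os.path.join(proc, pid, "environ"), "rb") as fh:
                leaked = inherited_session_vars(uid, parse_environ(fh.read()))
        except OSError:
            continue  # process exited, or environ is not readable
        if leaked:
            yield int(pid), leaked

# Constructed samples: a root process that kept a user's session variables,
# and a root process started from a clean login environment.
KEPT_ENV = (b"USER=alice\0LOGNAME=alice\0HOME=/root\0DISPLAY=:0\0"
            b"XAUTHORITY=/home/alice/.Xauthority\0")
CLEAN_ENV = b"USER=root\0LOGNAME=root\0HOME=/root\0"
```

Run `scan_proc()` as root on a live system to list candidates; the constructed samples show the two cases without touching `/proc`.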
https://bugzilla.novell.com/show_bug.cgi?id=230283

stbinner@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
            Summary|Multiple kdeds try to handle|[Fix_is_Ready:10.2] Multiple kdeds try to handle
                   |media plug events           |media plug events

------- Comment #9 from stbinner@novell.com 2007-02-20 02:26 MST -------

We will pick it up from upstream for Factory with next branch sync.

https://bugzilla.novell.com/show_bug.cgi?id=230283

dmueller@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|Fix_is_Ready                |
            Summary|[Fix_is_Ready:10.2] Multiple|Multiple kdeds try to handle media plug events
                   |kdeds try to handle media   |
                   |plug events                 |