Disallow executing kate and kwrite as root on Linux
Summary:
Running GUI applications as root is a huge security risk. Especially the X server is not secured for that. Non-root applications can easily interact with a root running application and thus try to exploit simple bugs in either kate/kwrite itself or in the underlying libraries such as Qt, XLib or xcb.

In addition kate can be abused to just open the konsole window and any command can be entered using the XTest extension. This was demonstrated for dolphin in [1]. The application itself cannot do anything to protect against it.

On Wayland the situation can be considered worse as the compositor is running as the normal user and is not protected to handle root windows. It can be rather trivial to attack the root running application from the compositor through interfaces such as scripting. This is not in the aim of the compositors to protect against.

The common use case why users start editors as root is to edit root owned files. This is a valid use case, but there is no need to run the application as root. Instead one can use sudoedit to run the application as user and still be able to edit as root.

This change introduces a check whether the application is started as root before any interaction with X or Wayland happens, that is prior to creating the QApplication. If it is detected that we run as root, we exit and print an information about how to properly edit an application in kwrite/kate as root. The text is deliberately not translated to keep the threat from running as root as low as possible.

The output is:

    martin@martin-desktop: ~ $ sudo /opt/kf5/bin/kate
    Executing Kate as root is not possible. To edit files as root use:
    SUDO_EDITOR=kate sudoedit <file>
    martin@martin-desktop: ~ $ sudo /opt/kf5/bin/kwrite
    Executing Kate as root is not possible. To edit files as root use:
    SUDO_EDITOR=kwrite sudoedit <file>

[1] http://git.net/ml/kwrite-devel/2016-01/msg00011.html

Test Plan: See output

Reviewers: #kate

Subscribers: kwrite-devel

Differential Revision: https://phabricator.kde.org/D4634
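As an added example, not the code from this commit: a root check placed ahead of any display connection, as the commit message describes. The helper name `rootRefusal`, the use of `geteuid()`, the argv[0]-based editor name and the exit status are assumptions of this example.

```cpp
#include <unistd.h>     // geteuid()
#include <sys/types.h>  // uid_t
#include <iostream>
#include <string>

// Hypothetical helper (not from the Kate sources): returns the refusal text
// when the effective UID is root, or an empty string when start-up may continue.
// The message is a fixed, untranslated literal, matching the commit message's
// choice not to translate it.
std::string rootRefusal(uid_t euid, const std::string &argv0)
{
    if (euid != 0) {
        return std::string();
    }
    // Use the binary's base name (kate or kwrite) in the sudoedit hint.
    const std::string::size_type slash = argv0.rfind('/');
    std::string editor = (slash == std::string::npos) ? argv0 : argv0.substr(slash + 1);
    if (editor.empty()) {
        editor = "kate"; // fallback assumed by this example
    }
    return "Executing Kate as root is not possible. To edit files as root use:\n"
           "SUDO_EDITOR=" + editor + " sudoedit <file>\n";
}

int main(int argc, char **argv)
{
    // Must run before anything that connects to X or Wayland, i.e. before
    // the QApplication would be constructed.
    const std::string refusal = rootRefusal(geteuid(), argc > 0 ? argv[0] : "kate");
    if (!refusal.empty()) {
        std::cerr << refusal;
        return 1; // non-zero exit status is this example's choice
    }
    // QApplication app(argc, argv);  // GUI start-up would follow here
    return 0;
}
```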
parent
87e254b2
- mentioned in commit ngraham/dolphin@1f02e3ca
- mentioned in merge request system/dolphin!43 (closed)
- mentioned in commit ngraham/dolphin@7abefda9
- mentioned in commit ngraham/dolphin@a1872208