Page MenuHomeLubuntu

strip environment in lxqt-sudo
Open, Unbreak Now!Public

Description

@hmollercl brought up some interesting quirks about lxqt-sudo and after doing some hunting I found a really new patch which is actually really old (first commit in 2016) but it strips out all but the X and locale environment variables so that we don't end up with file permissions changing and the like. This is probably something we want to get in right away, but perhaps a release is on the horizon?

P.S. Contrary to what @tsimonq2 said, lxqt-sudo is a front end to sudo or su and is in no way related to pkexec. Furthermore, pkexec (according to its manpage) is not designed for GUI apps for security reasons.

Event Timeline

wxl created this task.Mon, Nov 5, 4:51 PM
wxl triaged this task as Unbreak Now! priority.
wxl created this object with edit policy "Administrators".

P.S. Contrary to what @tsimonq2 said, lxqt-sudo is a front end to sudo or su and is in no way related to pkexec. Furthermore, pkexec (according to its manpage) is not designed for GUI apps for security reasons.

That seems completely backwards to me, but, mkay.

wxl added a comment.Tue, Nov 6, 2:14 PM

lxqt-sudo:

lxqt-sudo  (and  symlinks  lxsu,  lxsudo)  is a graphical QT frontend for plain sudo(8) or
su(1) (for requesting optional password in GUI fashion).
When invoked it simply spawns child  sudo  or  su  process  with  requested  command  (and
optional arguments).

pkexec:

The environment that PROGRAM will run it, will be set to a minimal known and safe
environment in order to avoid injecting code through LD_LIBRARY_PATH or similar
mechanisms. In addition the PKEXEC_UID environment variable is set to the user id of the
process invoking pkexec. As a result, pkexec will not allow you to run X11 applications as
another user since the $DISPLAY and $XAUTHORITY environment variables are not set. These
two variables will be retained if the org.freedesktop.policykit.exec.allow_gui annotation
on an action is set to a nonempty value; this is discouraged, though, and should only be
used for legacy programs.

This security patch should be added too?

wxl added a comment.Sun, Nov 11, 2:01 PM

@apt-ghetto um, yes. please make a separate subtask of T117 with an "Unbreak Now!" priority.

I have created T167
I was not sure which visibility I should set.

If this task here is as easy as described in the packaging tutorial, I could do this.

wxl added a comment.Sun, Nov 11, 3:22 PM

Public visibility is fine and yes, it should be that simple so have at it!