
Bug#1011624: kdesu: kdesu fails to authenticate with sudo from testing/unstable



Dear Marc,

On 26/05/2022 at 16:09, Marc Haber wrote:
On Wed, May 25, 2022 at 01:58:58PM +0100, Rik Mills wrote:
The issue can be worked around by adding /etc/sudoers.d/kdesu with the
contents

Defaults!/usr/lib/*/libexec/kf5/kdesu_stub !use_pty

kdesu is cordially invited to ship that file in the package, fixing the
issue for everybody. Please add a comment with the reference to this bug
report and remove the file once kdesu was fixed upstream.

kdesu is now cordially shipping the file in the package. :-)

Would you mind commenting on why this is OK from a security perspective?

I’m no security expert at all, but if I read the CVE description correctly, the issue is with the su'ed command being able to escape the su user session. Is it OK in this case because kdesu is used to gain root from non-root and so escaping the su session only gives you back the original non-root user rights?


Thanks,
--
Aurélien
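
An added example (not part of the thread or of the kdesu package): a small Python audit that lists every sudoers `Defaults` entry switching `use_pty` off, so that exemptions like the kdesu one quoted above stay visible for review. The sample sudoers text is constructed except for the `kdesu_stub` line, and the function names are hypothetical.

```python
import re

# Constructed sample; only the kdesu_stub line is taken from the thread.
SAMPLE = """\
Defaults use_pty
Defaults env_reset, !lecture
Defaults!/usr/lib/*/libexec/kf5/kdesu_stub !use_pty
Defaults:backup !requiretty, \\
    !use_pty
"""

# The character right after "Defaults" selects what the entry is bound to.
SCOPES = {"!": "command", ":": "user", "@": "host", ">": "runas"}
# Limitation: handles a single binding target, not comma-separated lists.
DEFAULTS_RE = re.compile(r"^Defaults(?:([!:@>])\s*(\S+))?\s+(.*)$")


def logical_lines(text):
    """Join backslash-continued lines, then drop blanks and comment lines."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line


def use_pty_settings(text):
    """Return (scope, target, enabled) for each Defaults entry setting use_pty."""
    found = []
    for line in logical_lines(text):
        m = DEFAULTS_RE.match(line)
        if not m:
            continue
        scope = SCOPES.get(m.group(1), "global")
        for setting in (s.strip() for s in m.group(3).split(",")):
            if setting.lstrip("!").strip() == "use_pty":
                found.append((scope, m.group(2), not setting.startswith("!")))
    return found


def exemptions(text):
    """Entries that turn use_pty off: the overrides a reviewer should justify."""
    return [(scope, target) for scope, target, on in use_pty_settings(text) if not on]


if __name__ == "__main__":
    for scope, target in exemptions(SAMPLE):
        print(f"use_pty disabled for {scope}: {target}")
```

Run it over the concatenated contents of `/etc/sudoers` and the files in `/etc/sudoers.d/`; include directives are not followed.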

