KDE Ends 2021 With More Plasma Wayland Fixes, Root File Operations For Dolphin


  • oiaohm
    replied
    Originally posted by aufkrawall View Post
    The efforts were going on for years though and you can read some disputes in the KIO MR.
    Despite the concerns, I'm still glad it has landed. I wouldn't have disallowed Dolphin from running as root before this even was implemented. I don't want to be put in shackles just because other people would torch their own houses otherwise. Really not my concern.
    The problem here is that there is no good answer.

    Disallowing sudo and so on got users upset, on one hand. On the other, running as root could possibly result in complete file system corruption; yes, the extra capabilities granted to root are quite scary. Distributions started moving away from providing a graphical root user login in the late 1990s/early 2000s due to the issues that started appearing. We are not talking minor issues either: the system is more likely to totally freeze up if you are running graphical applications with root capabilities than when you are not.

    Yes the work to get X.org to work as normal user is part of the same effort.

    Being blamed for being in the way and not allowing user to do what they want is better than being blamed for the user having total data loss due to a defect you knew about.

    Really it's annoying that it's taken over 20 years to start getting these problems fixed properly.

    Of course we still have items like SDDM that need to get to the point where they can use a non-root X11 server/Wayland output.

    There is quite a long road to fixing all these issues up.
    Last edited by oiaohm; 01 January 2022, 06:20 PM.



  • oiaohm
    replied
    Originally posted by Termy View Post
    I mean if you don't have viewing permission to directories - or is that covered?
    This is something the KIO polkit work is designed to handle. Yes, this is not the simplest thing. You can use GNOME Files as a normal user, press Ctrl+L, enter an admin:/// path, get given a dialogue, and find yourself able to access directories that you normally cannot once you give your password/permission to polkit.

    We still have to get it out in production yet and see if they have got it exactly right. If it's right, you will be able to access directories you normally cannot.

    Yes, GNOME does it by GVFS, not KIO. So it is spread out under all GNOME applications with GVFS, so gedit can use admin:/// paths and so on. It will be interesting to see how KIO handles it, because this will mean Kate and so on will be able to do it.

    Yes, it would be insane to edit a system file in LibreOffice Writer, but these kinds of things will become possible.

    The KIO polkit changes should allow every operation you could do while running dolphin/kate... as root in the past to be possible while running the graphical parts of dolphin/kate... as a normal user, with a privileged D-Bus service doing the operations requiring privilege once allowed by polkit. This also explains why this has not been a fast or simple process. There is a massive number of features that must work perfectly.



  • oiaohm
    replied
    Originally posted by markg85 View Post
    There was a time, years ago, when "security paranoid people" discovered ways to abuse KDE's applications with elevated permissions. In that time the security-minded folks in KDE-land kinda decided that running anything as root is a no-go and should be forbidden. Hence patches were made to forbid Plasma from being run as root, forbid Dolphin, and I believe a few other applications too. In the beginning this was as strict as only users; later this got relaxed - at least in Dolphin - in various changes throughout the years.
    This shows something: that you never understood the problem.

    Kali Linux, a security distribution, made all the same kinds of arguments you did, that being only a single user running as root would be fine. Yes, they found that for wifi attacks and so on running with root capabilities was faster, but they also found that when it goes wrong, the stuff goes wrong in a big way.

    Run Kodi as root with all capabilities (privileges) and when something goes wrong, instead of being a simple restart-the-system fix as it would have been as a normal user, it's a complete reinstall, possibly with complete data loss. Yes, the power that root is granted.

    https://securityboulevard.com/2020/0...-on-kali-2020/ Yes, it took them until 2020 to change it. Of course you still have users forcing their way back to running as root and not understanding the level of danger they are playing with.

    The hard reality is running any more than you need to as root is not a good idea and will cause you trouble at some point or another.

    Originally posted by markg85 View Post
    Now what if you play with a single board computer where you intend to have only one application running, say Kodi as a media center?
    In that case, and I've been there, it can be very handy to start X and open something else. Could be for copying stuff, could be for editing config files, could be just to see how Plasma would work in that environment.
    Do take a look at capabilities some time.

    You will find something dangerous when you are running with CAP_SYS_ADMIN:

    Don't choose CAP_SYS_ADMIN if you can possibly avoid it! A vast proportion of existing capability checks are associated with this capability (see the partial list above). It can plausibly be called "the new root", since on the one hand, it confers a wide range of powers, and on the other hand, its broad scope means that this is the capability that is required by many privileged programs. Don't make the problem worse. The only new features that should be associated with CAP_SYS_ADMIN are ones that closely match existing uses in that silo.

    Yes, CAP_SYS_ADMIN is the privilege we really do align with root operations, and do note the nightmare here is not properly defined. The problem is this alters even how the OOM killer responds to the application, and what memory and disk space you are allowed to allocate. Yes, allowed to allocate without the normal safeguards, so you could be forcing the kernel to suspend kernel processes that should be happening so that your process can proceed, where without CAP_SYS_ADMIN it would have just shared processing time and proceeded in the background.

    The fault has been seen for over 20 years now. The problem is security related and it does not require multiple users as such, because the Linux kernel behaves differently for a normal user account/non-capability process and a root/capability-granted process.

    Linux root with capabilities granted is closest to the SYSTEM user on MS Windows. Do note under Windows you normally cannot log in as SYSTEM. Yes, administrator accounts under Windows are not the most privileged account; you can see it at times when there are in-use files that a Windows administrator account cannot delete, but if you are running as the Windows SYSTEM user, or using a tool running a bit as the Windows SYSTEM user, you can. Yes, at times when stuff goes wrong with a process running as the Windows SYSTEM user it can be a reinstall as well.

    Like it or not, users running applications normally don't need the full rights to do everything. That "everything" is ultra broad and has many downsides.

    In the late 1990s/early 2000s it was found that running graphical applications as root/with privileged capabilities resulted in different behaviour on Linux, and in the early 2000s it was found that this different behaviour could have adverse effects. Yes, this is a reality people keep on wanting to ignore.

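The post above points at CAP_SYS_ADMIN as the thing that makes "running as root" different at the kernel level. As an added example (not code from this thread, from KDE or from the kernel documentation), here is a small Python check that decodes the Cap* bitmasks a Linux process exposes in /proc/<pid>/status and reports whether its effective set carries CAP_SYS_ADMIN, so you can verify what privilege a desktop process such as Dolphin is actually running with. The two status snippets are constructed samples; the capability numbering follows linux/capability.h.

```python
import re

# Capability names indexed by bit number, as defined in linux/capability.h
# (CAP_CHOWN = 0 through CAP_CHECKPOINT_RESTORE = 40).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

def decode_caps(mask):
    """Return the names of the capabilities set in a Cap* bitmask (an int)."""
    return [name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1]

def parse_status_caps(status_text):
    """Extract the CapInh/CapPrm/CapEff/CapBnd/CapAmb hex masks from /proc/<pid>/status text."""
    caps = {}
    for line in status_text.splitlines():
        m = re.match(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)$", line)
        if m:
            caps[m.group(1)] = int(m.group(2), 16)
    return caps

def has_new_root(status_text):
    """True when the effective set carries CAP_SYS_ADMIN, the 'new root' quoted above."""
    return "CAP_SYS_ADMIN" in decode_caps(parse_status_caps(status_text).get("CapEff", 0))

# Constructed samples: CapEff of a process started as root on a current kernel
# (all 41 capabilities set) and of the same program started as a normal user.
ROOT_STATUS = "Name:\tdolphin\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
USER_STATUS = "Name:\tdolphin\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"

if __name__ == "__main__":
    # Live check of the current process (Linux only); run it under sudo to compare.
    with open("/proc/self/status") as fh:
        caps = parse_status_caps(fh.read())
    for name, mask in caps.items():
        print(f"{name}: {decode_caps(mask) or 'none'}")
    print("CAP_SYS_ADMIN present:", "CAP_SYS_ADMIN" in decode_caps(caps.get("CapEff", 0)))
```

To inspect another process, replace `self` with its PID; a root-owned desktop process will normally show the full set in CapEff, while the same program launched by a normal user shows none.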


  • Termy
    replied
    Originally posted by oiaohm View Post
    Yes, they did add items so that permission changes you can do by the KDE file manager also work by the polkit/D-Bus interface.
    I mean if you don't have viewing permission to directories - or is that covered?



  • aufkrawall
    replied
    Originally posted by markg85 View Post
    I'm hoping it won't be an authentication spam fest.. We'll see.
    Pretty sure that it will be. But I think that's ok, as doing stuff as root all the time (or perhaps more precisely: with root privileges) is kind of misconceived. New KIO root actions should greatly reduce the hassle factor. It's just the worst when you can't create or rename text/config files at a given path via the UI. Annoying af.



  • markg85
    replied
    Originally posted by keit99 View Post
    Personally I don't think you should be able to run Plasma as root. (Why would you want to?) And this is a huge improvement over running a whole application as root, which can actually be abused. Personally I never launch graphical applications as root anyway, because if I want to do something as root, the safest and least system-screwy way is the console. Nonetheless, it is good that Dolphin can now copy and move files from outside your home directory again.
    In an ideal world I'd agree with that.

    Now what if you play with a single board computer where you intend to have only one application running, say Kodi as a media center?
    In that case, and I've been there, it can be very handy to start X and open something else. Could be for copying stuff, could be for editing config files, could be just to see how Plasma would work in that environment.

    In that situation having the ability to just freaking run it is quite an advantage. Yes, that's an edge case. I know one can argue both ways here. The "neat" way is to create user accounts, even in this case; that would prevent some permission nightmares at the cost of having a lot of others in return (like the user isn't in the proper groups yet). I'd argue the other way, that the user doesn't matter at all in this case, so let's keep it as root. It's a single-purpose machine; permissions don't matter.



  • keit99
    replied
    Personally I don't think you should be able to run Plasma as root. (Why would you want to?) And this is a huge improvement over running a whole application as root, which can actually be abused. Personally I never launch graphical applications as root anyway, because if I want to do something as root, the safest and least system-screwy way is the console. Nonetheless, it is good that Dolphin can now copy and move files from outside your home directory again.



  • markg85
    replied
    Originally posted by aufkrawall View Post
    The efforts were going on for years though and you can read some disputes in the KIO MR.
    Despite the concerns, I'm still glad it has landed. I wouldn't have disallowed Dolphin from running as root before this even was implemented. I don't want to be put in shackles just because other people would torch their own houses otherwise. Really not my concern.
    There was a time, years ago, when "security paranoid people" discovered ways to abuse KDE's applications with elevated permissions. In that time the security-minded folks in KDE-land kinda decided that running anything as root is a no-go and should be forbidden. Hence patches were made to forbid Plasma from being run as root, forbid Dolphin, and I believe a few other applications too. In the beginning this was as strict as only users; later this got relaxed - at least in Dolphin - in various changes throughout the years.

    In my point of view those paranoid patches should never have been made or landed. But the security aspect, to some people, was more important than the (admittedly) edge cases of running Plasma and Dolphin as root. Specifically the latter is something you just need sometimes, although rarely.

    Also be aware that this polkit change does not change how Dolphin can be run. Look at the source: https://invent.kde.org/system/dolphi...r/src/main.cpp (lines 45-53). You cannot run Dolphin with sudo or kdesudo. But you can still run it as root. Real root, user id 0. So in other terms, you're probably going to get a message to re-authenticate with your user's permissions when you want to do something outside your user's home folder. I don't know this 100% for sure as I don't have a Dolphin with this yet, but I'm assuming it from reading the patches. I'm hoping it won't be an authentication spam fest.. We'll see.



  • oiaohm
    replied
    Originally posted by Termy View Post
    that doesn't help with x00 permissions though, does it?
    Yes, they did add items so that permission changes you can do by the KDE file manager also work by the polkit/D-Bus interface.

    Originally posted by Zoll View Post
    Thank you Linus! Many users have been asking for this for years and after one video from Linus it's done!
    The answer is no, the Linus video did not change anything about the speed. Security of stuff like this takes a while.

    Yes, the KIO work started in 2009. Yes, this is decade-long work. Yes, parties still kept on pushing to let the file manager run as root completely, even though the answer was no.

    The KIO polkit work was marked as going into this release at the 2020 KDE conference. Yes, well before Linus Tech Tips touched it.

    Do note how many posts had to be deleted because they were basically off-topic spam. There was a risk that Linus Tech Tips might have delayed this.

    This MR contains a series of commits that removes the disable on PolKit usage and fixes remaining bugs in it to provide a user experience that allows manipulating...


    Please note there are still code quality issues to fix. So it is still possible it will be pulled before the final release at this time.

    Over the 10 years of this work it has been merged 8 times and reverted 7 times. Let's hope it does not become 8 times reverted.


  • aufkrawall
    replied
    Originally posted by Zoll View Post
    Thank you Linus! Many users have been asking for this for years and after one video from Linus it's done!
    The efforts were going on for years though and you can read some disputes in the KIO MR.
    Despite the concerns, I'm still glad it has landed. I wouldn't have disallowed Dolphin from running as root before this even was implemented. I don't want to be put in shackles just because other people would torch their own houses otherwise. Really not my concern.

    So, hopefully 2022 will be the year of inertial scrolling.
