Bug 23054 - kde-rootactions-servicemenu is somewhat broken, unmaintained upstream
Summary: kde-rootactions-servicemenu is somewhat broken, unmaintained upstream
Status: RESOLVED MOVED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: x86_64 Linux
Priority: Normal normal
Target Milestone: Mageia 8
Assignee: KDE maintainers
QA Contact:
URL: https://store.kde.org/p/998469/
Whiteboard:
Keywords: 8rc1, IN_ERRATA8, IN_RELEASENOTES8
Depends on:
Blocks:
 
Reported: 2018-05-19 00:00 CEST by peter lawford
Modified: 2021-02-10 20:36 CET (History)
6 users (show)

See Also:
Source RPM: kde-rootactions-servicemenu-2.9-4.mga8.src.rpm
CVE:
Status comment:


Attachments

Description peter lawford 2018-05-19 00:00:26 CEST
Description of problem:

[alain4@magaux ~]$ rpm -qa |grep kde-rootactions-servicemenu
kde-rootactions-servicemenu-2.9-2.mga6

when right-clicking in dolphin on desktop-file, and selecting a root action, as "open as text" for example, a window opens requiring to type the root password, and after nothing happens;
before the last updates, it finely worked and was very convenient


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
Marja Van Waes 2018-05-19 08:57:09 CEST

CC: (none) => marja11
Assignee: bugsquad => kde

Comment 1 Morgan Leijström 2018-05-19 14:31:57 CEST
Confirming. I dont know when it last worked as i seldom use it.
Trying to log it:

___Procedure:
I launched dolphin from konsole, and in dolphin i right clicked on KiCad folder, chose root action to open with file browser.

___Output in konsole: 
bash-4.3$ dolphin
kf5.kio.core: Refilling KProtocolInfoFactory cache in the hope to find "stash"
Trying to convert empty KLocalizedString to QString.
org.kde.dolphin: Ignore KIO url: QUrl("timeline:/today")
org.kde.dolphin: Ignore KIO url: QUrl("timeline:/yesterday")
org.kde.dolphin: Ignore KIO url: QUrl("timeline:/thismonth")
org.kde.dolphin: Ignore KIO url: QUrl("timeline:/lastmonth")
org.kde.dolphin: Ignore KIO url: QUrl("search:/documents")
org.kde.dolphin: Ignore KIO url: QUrl("search:/images")
org.kde.dolphin: Ignore KIO url: QUrl("search:/audio")
org.kde.dolphin: Ignore KIO url: QUrl("search:/videos")
qt.accessibility.core: Cannot create accessible child interface for object:  PlacesView(0x294bdd0)  index:  29
which: no kdesudo in (/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/games:/usr/games:/usr/lib64/qt4/bin:/usr/lib64/qt5/bin)
which: no kdesu in (/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/games:/usr/games:/usr/lib64/qt4/bin:/usr/lib64/qt5/bin)
/bin/dolphin


___In mean time as root output from journalctl -f :
maj 19 14:24:56 svarten kdesud[6969]: org.kde.kdesud: priority set to  50
maj 19 14:24:56 svarten kdesud[6969]: org.kde.kdesud: Scheduler set to  0
maj 19 14:24:57 svarten plasmashell[4290]: kf5.kservice.services: Parsing "exist Exec and ('/usr/libexec/kf5/kdesu -c '/bin/rootactions-servicemenu.pl' do_open_with 'dolphin' '/home/morgan/KiCad'' =~ Exec)" gave: syntax error
maj 19 14:24:57 svarten plasmashell[4290]: kf5.kservice.services: Parsing "exist Exec and ('kdesu -c '/bin/rootactions-servicemenu.pl' do_open_with 'dolphin' '/home/morgan/KiCad'' =~ Exec)" gave: syntax error
maj 19 14:25:01 svarten su[8046]: (to root) morgan on pts/3
maj 19 14:25:01 svarten kernel: audit: type=1100 audit(1526732701.912:288): pid=8046 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:01 svarten kernel: audit: type=1101 audit(1526732701.912:289): pid=8046 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_tcb acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:01 svarten kernel: audit: type=1103 audit(1526732701.912:290): pid=8046 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:01 svarten audit[8046]: USER_AUTH pid=8046 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:01 svarten audit[8046]: USER_ACCT pid=8046 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_tcb acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:01 svarten audit[8046]: CRED_ACQ pid=8046 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:01 svarten su[8046]: pam_systemd(su:session): Cannot create session: Already running in a session
maj 19 14:25:01 svarten su[8046]: pam_unix(su:session): session opened for user root by (uid=10702)
maj 19 14:25:01 svarten audit[8046]: USER_START pid=8046 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:01 svarten kernel: audit: type=1105 audit(1526732701.925:291): pid=8046 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:01 svarten su[8046]: pam_unix(su:session): session closed for user root
maj 19 14:25:01 svarten kernel: audit: type=1106 audit(1526732701.927:292): pid=8046 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:01 svarten kernel: audit: type=1104 audit(1526732701.927:293): pid=8046 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:01 svarten audit[8046]: USER_END pid=8046 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:01 svarten audit[8046]: CRED_DISP pid=8046 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:02 svarten audit[8051]: USER_AUTH pid=8051 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:02 svarten audit[8051]: USER_ACCT pid=8051 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_tcb acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:02 svarten su[8051]: (to root) morgan on pts/3
maj 19 14:25:02 svarten kernel: audit: type=1100 audit(1526732702.112:294): pid=8051 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:02 svarten kernel: audit: type=1101 audit(1526732702.112:295): pid=8051 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_tcb acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:02 svarten audit[8051]: CRED_ACQ pid=8051 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:02 svarten kernel: audit: type=1103 audit(1526732702.116:296): pid=8051 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:02 svarten su[8051]: pam_systemd(su:session): Cannot create session: Already running in a session
maj 19 14:25:02 svarten su[8051]: pam_unix(su:session): session opened for user root by (uid=10702)
maj 19 14:25:02 svarten audit[8051]: USER_START pid=8051 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:02 svarten kernel: audit: type=1105 audit(1526732702.124:297): pid=8051 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:02 svarten audit[8051]: USER_END pid=8051 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:02 svarten audit[8051]: CRED_DISP pid=8051 uid=10702 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=svarten addr=? terminal=pts/3 res=success'
maj 19 14:25:02 svarten su[8051]: pam_unix(su:session): session closed for user root

CC: (none) => fri

Comment 2 Morgan Leijström 2018-05-19 14:41:20 CEST
Also see Bug 23056 - since the last updates kate no longer can open text files under root
Comment 3 Nicolas Lécureuil 2018-05-19 17:50:52 CEST
upstream is aware of this issue, we will update ASAP.

https://store.kde.org/p/998469/

CC: (none) => mageia

Nicolas Lécureuil 2018-05-19 17:54:26 CEST

Assignee: kde => qa-bugs

Comment 4 Thomas Andrews 2018-05-22 17:45:45 CEST
Please advise as to which packages are associated with this bug, so we can test just those, and not miss any.

CC: (none) => andrewsfarm

Comment 5 peter lawford 2018-05-22 23:49:30 CEST
(In reply to Thomas Andrews from comment #4)
> Please advise as to which packages are associated with this bug, so we can
> test just those, and not miss any.

the only package concerned is kde-rootactions-servicemenu-2.9-2.mga6
I think, but I am not sure, that lib64kf5jobwidgets5-5.42.0-1.1.mga6 is concerned too
Comment 6 Thomas Andrews 2018-05-24 06:04:47 CEST
I found the kde-rootactions-servicemenu version you list in the repos, and installed it. Some actions work, and some don't. In particular, Plasma no longer allows you to run kwrite, Dolphin, and some other KDE GUI applications as root, and those functions are the ones not working. Other actions, like open a terminal, or running a app that is otherwise allowed for root, still work.

But after checking it out, I went looking for an update to test, and there's none that I find. The lib64kf5jobwidgets5 package you mentioned is part of another update bug. It may be a part of this one, but I'm thinking probably not.

Nicolas, you are the one who assigned this to QA for testing. Please let me know exactly what I'm supposed to test.
Comment 7 Nicolas Lécureuil 2018-05-24 08:27:23 CEST
no this is an error. It does not work yet and this is "normal" cf https://store.kde.org/p/998469/

Assignee: qa-bugs => kde

Comment 8 peter lawford 2018-05-24 11:41:51 CEST
(In reply to Nicolas Lécureuil from comment #7)
> no this is an error. It does not work yet and this is "normal" cf
> https://store.kde.org/p/998469/

I don't agree with those who think that kde-rootactions-servicemenu has to be disabled for opening kate or kwrite by right-clicking; I use a workaround, but it's dangerous: I switch the rights of the file I want to open for making changes inside, for example, into 644; then, it's possible to open the file by right-clicking, to make changes inside, and when typing Ctl+S, a context window opens requiring to type the administrator password, and after I type Ctl+Q to close the file.
This method is tedious, and dangerous because one must not forget to reset the rights of the file to their original values after!
it's why I think that having disabled kde-gui applications as root is stupid
Comment 9 peter lawford 2018-05-24 12:27:23 CEST
(In reply to Nicolas Lécureuil from comment #7)
> no this is an error. It does not work yet and this is "normal" cf
> https://store.kde.org/p/998469/

sorry, I was immoderate in my writings in comment 8: I wanted to mean that for me, having disabled kde-gui applications as root was inappropriate
Comment 10 Thomas Andrews 2018-05-24 15:19:46 CEST
(In reply to peter lawford from comment #8)
> (In reply to Nicolas Lécureuil from comment #7)
> > no this is an error. It does not work yet and this is "normal" cf
> > https://store.kde.org/p/998469/
> 
> I don't agree with those who think that kde-rootactions-servicemenu has to
> be disabled for opening kate or kwrite by right-clicking; I use a
> workaround, but it's dangerous: I switch the rights of the file I want to
> open for making changes inside, for example, into 644; then, it's possible
> to open the file by right-clicking, to make changes inside, and when typing
> Ctl+S, a context window opens requiring to type the administrator password,
> and after I type Ctl+Q to close the file.
> This method is tedious, and dangerous because one must not forget to reset
> the rights of the file to their original values after!

There is another alternative, if you really need to use a GUI text editor as root until this is fixed. (Be aware that most Linux experts will tell you this should never be done. It is dangerous because you really don't know what options may be included when a GUI issues a command, and they could be the wrong ones for what you are trying to do. If you bork your system while doing it, remember that you were warned.)

Only KDE applications are a part of this ban. You can install a text editor from another DE, like mousepad (Xfce's text editor), then use "open with" from the root actions. That will open the application as root. I don't know about others, but mousepad will give you a very plain warning that you are acting as root, and that it is dangerous.
Comment 11 peter lawford 2018-05-24 22:23:14 CEST
(In reply to Thomas Andrews from comment #10)
> (In reply to peter lawford from comment #8)
> > (In reply to Nicolas Lécureuil from comment #7)
> > > no this is an error. It does not work yet and this is "normal" cf
> > > https://store.kde.org/p/998469/
> > 
> > I don't agree with those who think that kde-rootactions-servicemenu has to
> > be disabled for opening kate or kwrite by right-clicking; I use a
> > workaround, but it's dangerous: I switch the rights of the file I want to
> > open for making changes inside, for example, into 644; then, it's possible
> > to open the file by right-clicking, to make changes inside, and when typing
> > Ctl+S, a context window opens requiring to type the administrator password,
> > and after I type Ctl+Q to close the file.
> > This method is tedious, and dangerous because one must not forget to reset
> > the rights of the file to their original values after!
> 
> There is another alternative, if you really need to use a GUI text editor as
> root until this is fixed. (Be aware that most Linux experts will tell you
> this should never be done. It is dangerous because you really don't know
> what options may be included when a GUI issues a command, and they could be
> the wrong ones for what you are trying to do. If you bork your system while
> doing it, remember that you were warned.)
> 
> Only KDE applications are a part of this ban. You can install a text editor
> from another DE, like mousepad (Xfce's text editor), then use "open with"
> from the root actions. That will open the application as root. I don't know
> about others, but mousepad will give you a very plain warning that you are
> acting as root, and that it is dangerous.

thank you for mousepad, it works fine, even to open as text by right-clicking rights-600 files; I didn't know
Comment 12 Aurelien Oudelet 2020-08-05 21:04:52 CEST
Installed kde-rootactions-servicemenu package on Mageia 8 Cauldron. (Version 2.9-4.mga8).

Performing such administrative actions like open /etc/hostname in Kwrite.
Get this:

dolphin[12203]: Cannot initialize model with data QJsonObject() . missing: QJsonValue(string, "urls")
systemd[2016]: Started apps-11\x2drootactionsfiles-19d5b97ebf584ba9bedc47f62fcab192.scope.
plasmashell[10596]: kf5.kservice.services: Parsing "exist Exec and ('kdesu -d -c '/usr/bin/rootactions-servicemenu.pl' do_open_with 'kwrite' '/etc/hostname'' =~ Exec)" gave: syntax error.

I think this functionality is totally broken and non-wayland compatible.
Upstream web site https://store.kde.org/p/998469/ seems to not been updated since 3 years.

As it exposes system from user's actions as full root account, I think such service menu is a mess from a security point of view.

As of is inconsistent behaviour, such service menu could be problematic for inexperienced users. Glad to see it not installed by default.
Should it be dropped in Mageia 8? 

Add security team on this.

Priority: Normal => High
CC: (none) => ouaurelien
Source RPM: (none) => kde-rootactions-servicemenu-2.9-4.mga8.src.rpm
QA Contact: (none) => security
Version: 6 => Cauldron
Keywords: (none) => 8beta1
URL: (none) => https://store.kde.org/p/998469/
Summary: since the last "massive" update, kde-rootactions-servicemenu is ineffective => kde-rootactions-servicemenu is somewhat broken, unmaintained upstream
Target Milestone: --- => Mageia 8
Severity: normal => critical

David Walser 2020-08-05 21:18:35 CEST

QA Contact: security => (none)

Comment 13 David Walser 2020-08-05 21:22:30 CEST
There's no security issue.  GUI applications not running as root under Wayland is a more general and known issue.  The KDE team can decide what, if anything, needs to be done with this package.  Does it work in X.org?
Comment 14 Aurelien Oudelet 2020-08-05 22:52:08 CEST
@ David,

I think so.

Some functions works in X.org like launching a root Konsole but majority of functions are broken.

Reducing importance as this package is not installed by default.

Priority: High => Normal
Severity: critical => normal

Comment 15 David GEIGER 2020-12-15 07:57:25 CET
So, kde-rootactions-servicemenu is now removed from Cauldron!

Status: NEW => RESOLVED
Resolution: (none) => MOVED
CC: (none) => geiger.david68210

Comment 16 Aurelien Oudelet 2020-12-15 08:12:59 CET
Also note that recent Kate (Text editor from Plasma) can open user-readable files and can WRITE them with a temporary polkit-privilege rise like a "sudo" command: this opens a polkit agent to ask for root or user's password if member of wheel group.

Thanks David for removing this.
Comment 17 Morgan Leijström 2021-02-05 14:26:25 CET
Is this something we should note regarding upgrading from mga7?
Comment 18 Aurelien Oudelet 2021-02-05 14:41:27 CET
(In reply to Morgan Leijström from comment #17)
> Is this something we should note regarding upgrading from mga7?

Yes this should land Release Notes I think.
Comment 19 Morgan Leijström 2021-02-05 15:26:21 CET
Done

Keywords: 8beta1 => 8rc1, IN_RELEASENOTES8

Comment 20 Morgan Leijström 2021-02-05 20:58:14 CET
I put a sentence at https://wiki.mageia.org/en/Mageia_8_Release_Notes#Plasma
"The Dolphin right click extension kde-rootactions-servicemenu is removed as it is unmaintained upstream and have issues. "

I guess the package will be forcibly uninstalled at upgrade?
So the package should be listed here:
https://wiki.mageia.org/en/Mageia_8_Release_Notes#With_removal_on_upgrade
Comment 21 Morgan Leijström 2021-02-06 12:02:56 CET
Note moved to Errata.

But question still stand for if and where to list for removal.
Comment 22 Morgan Leijström 2021-02-06 12:06:51 CET
(At bottom of release notes there are headers to list removed packages)

Keywords: IN_RELEASENOTES8 => FOR_RELEASENOTES8, IN_ERRATA8

Comment 23 Morgan Leijström 2021-02-10 20:36:44 CET
https://wiki.mageia.org/en/Mageia_8_Release_Notes#With_removal_on_upgrade

Keywords: FOR_RELEASENOTES8 => IN_RELEASENOTES8


Note You need to log in before you can comment on or make changes to this bug.