Reply to topic

kate as root

2handband
Registered Member
Posts
304
Karma
0
OS

kate as root

Tue Mar 16, 2010 11:53 pm
I've run into an odd requirement... I need some of my users to be able to edit text files as root and I can assure you that they are NOT going to learn to use the command line. In short, I need to be able to open Kate with superuser privileges. I'm running Debian Squeeze with KDE 4.3.4.


User avatar bcooksley
Administrator
Posts
19759
Karma
87
OS

Re: kate as root

Wed Mar 17, 2010 3:59 am
Running Kate as follows should work fine. Note that sudo won't work, and will cause all manner of errors. KDESu probably won't work properly either ( haven't tested )

Code: Select all
konsole -e "su -c /usr/bin/kate /path/to/file"


I'm assuming the users can handle entering the password into a command line prompt...
You could also try KDESu, not sure if it will probably clear the environment variables.

Code: Select all
kdesu /usr/bin/kate /path/to/file


If you have an operational PolicyKit installation, then you could use that also.

Code: Select all
pkexec /usr/bin/kate /path/to/file


KDE Sysadmin
[img]http://forum.kde.org/content/bcooksley_sig.png[/img]
2handband
Registered Member
Posts
304
Karma
0
OS

Re: kate as root

Wed Mar 17, 2010 4:46 am
kdesu doesn't work; I'll try policykit tomorrow morning. How come I can't just open Konqueror as root and open the file from there? It worked fine on Lenny with 3.5. When I do it on Squeeze with 4.3 I get the following:

KDEInit could not launch /usr/bin/kate.

I would think the ability to open a file as root using graphical utilities falls under the heading of basic functionality.


User avatar bcooksley
Administrator
Posts
19759
Karma
87
OS

Re: kate as root

Wed Mar 17, 2010 6:22 am
It all depends on *how* you run as root. The trick is to have a clean environment so that your root applications do not try to access your normal user D-Bus session bus. Neither sudo or kdesu seem to clean the envrionment properly unfortunately... "su -" however will clean the environment properly.


KDE Sysadmin
[img]http://forum.kde.org/content/bcooksley_sig.png[/img]
2handband
Registered Member
Posts
304
Karma
0
OS

Re: kate as root

Wed Mar 17, 2010 12:49 pm
No go; here's what I got:

Code: Select all
pkexec /usr/bin/kate /etc/apt/sources.list
kate: cannot connect to X server


User avatar bcooksley
Administrator
Posts
19759
Karma
87
OS

Re: kate as root

Thu Mar 18, 2010 4:08 am
You may wish to try using the "su -c" solution instead in this case. You could use a setsuid launcher to run that if they don't know the root password, or you could use sudo to run it...
"sudo su -c /usr/bin/kate"...


KDE Sysadmin
[img]http://forum.kde.org/content/bcooksley_sig.png[/img]
2handband
Registered Member
Posts
304
Karma
0
OS

Re: kate as root

Fri Mar 19, 2010 12:09 am
That worked, thanks. I'm setting up a graphical app launcher for it. I have to say, however, that this is a second-best solution. What I really want (and I know this is probably getting to be an old song and dance) is to be able to do what I was able to do in KDE 3.


User avatar bcooksley
Administrator
Posts
19759
Karma
87
OS

Re: kate as root

Fri Mar 19, 2010 6:14 am
This is the primary reason behind motivating for implementation of PolicyKit and KAuth in KDE applications, as it would allow them to gain privileges for the saving and reading parts only, ensuring optimal security.


KDE Sysadmin
[img]http://forum.kde.org/content/bcooksley_sig.png[/img]
2handband
Registered Member
Posts
304
Karma
0
OS

Re: kate as root

Fri Mar 19, 2010 1:07 pm
I understand, and I'm all about security. But I've also been running Linux systems for other users long enough to know when to budge. The young lady in question is smart, trustworthy, and reasonably adept with computers. But like most modern young computer users she thinks it's absolutely absurd to not be able to get into whatever she wants using the mouse. I think I might have found a solution, though. I can open Kwrite as root using Krusader (and although Kwrite is the default I can probably figure out how to make it Kate), but I'm new to Krusader and not quite ready to install it on a production machine. I'm liking it, however. It's a really cool bit of software.


skneifel
Registered Member
Posts
1
Karma
0

Re: kate as root

Sat Sep 23, 2017 8:22 am
2handband wrote:I understand, and I'm all about security. But I've also been running Linux systems for other users long enough to know when to budge. The young lady in question is smart, trustworthy, and reasonably adept with computers. But like most modern young computer users she thinks it's absolutely absurd to not be able to get into whatever she wants using the mouse. I think I might have found a solution, though. I can open Kwrite as root using Krusader (and although Kwrite is the default I can probably figure out how to make it Kate), but I'm new to Krusader and not quite ready to install it on a production machine. I'm liking it, however. It's a really cool bit of software.


Well, I agree to both sides: there are security issues running editors as root. However, there are also situations where it is inadequate to restrict the possibility of running the editor as root in a hard-coded way. The decision should be up to the respective administrator.

if you don't have time to edit the kate sources and recompile it, you can "solve" the problem the hard way by patching kate and kwrite. They have both a few lines of code directly at the start of the "main" function:
Code: Select all
    /**
     * Check whether we are running as root
     **/
    if (getuid() == 0) {
        std::cout << "Executing Kate as root is not possible. To edit files as root use:" << std::endl;
        std::cout << "SUDO_EDITOR=kate sudoedit <file>" << std::endl;
        return 0;
    }

OK, so look in the executable binaries where you find the call to getuid():
Code: Select all
objdump -Crd /usr/bin/kate | less

and search for getuid (by typing /getuid). You'll find some lines like this:
Code: Select all
   275d6:   66 90                   xchg   %ax,%ax
   275d8:   ff 25 8a 90 28 00       jmpq   *0x28908a(%rip)        # 2b0668 <getuid@GLIBC_2.2.5>
   275de:   66 90                   xchg   %ax,%ax

Now search where the address (in this case 275d8) is called, by typing /275d8 (all within 'less'). You'll find it shortly after the start of the main function (or _start):
Code: Select all
   28dee:   e8 e5 e7 ff ff          callq  275d8 <KParts::MainWindow::createShellGUI(bool)@plt+0x3d8>
   28df3:   85 c0                   test   %eax,%eax
   28df5:   0f 84 e9 1e 00 00       je     2ace4 <KParts::MainWindow::createShellGUI(bool)@plt+0x3ae4>

Here the program calls getuid(), tests the result in %eax, and if it's zero (i.e. the program runs as root) it jumps to the error routine.
Open the kate binary in a hex editor and replace the "je" instruction with "nop" instructions (0x90):
Code: Select all
before:
 0000000000028DF0    E7 FF FF 85 C0 0F 84 E9  1E 00 00 E8 B0 E9 04 00
after:
 0000000000028DF0    E7 FF FF 85 C0 90 90 90  90 90 90 E8 B0 E9 04 00

Et voilà, kate runs as root again. Patching kwrite works in the same way.
wolfi323
Registered Member
Posts
1121
Karma
11
OS

Sat Sep 23, 2017 9:47 am
skneifel wrote:if you don't have time to edit the kate sources and recompile it, you can "solve" the problem the hard way by patching kate and kwrite. They have both a few lines of code directly at the start of the "main" function:

That check was added only a few months ago though:
https://cgit.kde.org/kate.git/commit/?i ... 46b0e12a7e
(first included in 17.04.0)

Please note that this thread is 7 years old.
Kate did not actively refuse to run as root back then.
(and btw, I never had problems to run it with kdesu here)
yakovic
Registered Member
Posts
5
Karma
0

Re: kate as root

Tue Sep 18, 2018 7:36 pm
skneifel wrote: [...] Here the program calls getuid(), tests the result in %eax, and if it's zero (i.e. the program runs as root) it jumps to the error routine.
Open the kate binary in a hex editor and replace the "je" instruction with "nop" instructions (0x90) [...]


Thank you for showing how to do this, I learned a lot. However, I could not get a nop instruction to work. Instead, I changed to JNE (0x0F 85) although then only root can run the editor, but that's fine for my use case, and it worked.
User avatar zachus
Registered Member
Posts
30
Karma
0
OS
run Kate as root:

SUDO_EDITOR=kate sudoedit /etc/sudoers

SUDO_EDITOR=kate sudoedit %f

export SUDO_EDITOR=kate
User avatar blue_bullet
Registered Member
Posts
23
Karma
0
OS

Re: kate as root

Mon Dec 17, 2018 8:52 pm
I use 2 editors, Kate and the, so I tucked this into my .bashrc file:

# Use The Hessling Editor (the) as the default editor- rcb 9/15/07
#export EDITOR="/usr/bin/xthe -X textCursor vertical -w 1200"
export EDITOR="/usr/bin/the -w 7000"
#export EDITOR="/usr/bin/gedit"
#export EDITOR="/usr/bin/kate"
export KEDITOR="/usr/bin/kate"
# Editor to use with sudoedit command for root files Updated 2017-11-16 @ 12:24:43 MST by rob@fargo
export SUDO_EDITOR="/usr/bin/kate"
# Use this alias to use the as the editor for root files: Updated 2017-11-16 @ 12:32:49 MST by rob@fargo
alias xsudoedit='SUDO_EDITOR=$EDITOR && sudoedit'
alias xse=xsudoedit
# Use this alias to use kate as the editor for root files: Updated 2017-11-16 @ 12:32:49 MST by rob@fargo
alias ksudoedit='SUDO_EDITOR=$KEDITOR && sudoedit'
alias kse=ksudoedit

So in Konsole I can issue (1) kse file_id or (2) xse file_id. Life is good...
User avatar zachus
Registered Member
Posts
30
Karma
0
OS

Re: kate as root

Tue Dec 18, 2018 10:52 pm
blue_bullet wrote:So in Konsole I can issue (1) kse file_id or (2) xse file_id. Life is good...



you don't seem to know what a good life is.

in Puppy-Linux, you almost never ever enter a password at all, since all is run as root.

So, this should mean they must all have malwares and destruction.

But no, those Puppy users really have a good life whereas us KDE folks

usually have a PITA system entering passwords 100 times a day and its only getting worse. :< >:( :-\ :'( :o

 
Reply to topic

Bookmarks



Who is online

Registered users: ahabgreybeard, Baidu [Spider], Bing [Bot], Exabot [Bot], Google [Bot], jamanfred, jvassiliou, louis94, pa, trintadosete, Yahoo [Bot]