Web lists-archives.com

Re: Suggestion to Remove KFloppy and hold back K3b




Am 2017-02-15 19:50, schrieb Wolfgang Bauer:
On 11 February 2017 at 13:44, Jonathan Riddell <jr@xxxxxxxxxxxx> wrote:
I recommend KFloppy be removed from Applications releases.  It
couldn't find my floppy drive and when I hacked the code to tell it
where to look it depended on an external tool fdformat which didn't
work anyway.

KFloppy and fdformat work fine here in openSUSE, I do use it regularly (with
an internal floppy drive).

And as the current maintainer, I'd prefer to (try to) fix problems instead of
having it dropped.

I'm a bit surprised that in the test the floppy drive showed up as /dev/sdc
though, mine always have been and still are at /dev/fd0...
I suppose that was an external one?
Not sure how to fix that then, it supposedly can be a random /dev/sdX...

There is a (somewhat "hidden") feature though to use any device you want: just enter it into the text field (this is mentioned in the documentation, it's a rather old feature already and intended to be able to format USB sticks too,
or other unpartitioned devices).
It would definitely be possible to list all /dev/sdX devices in the chooser too, but that may be dangerous and cause data loss without any further check
that it is really a floppy drive (or USB stick).
I have to think about that one.

I am aware of one particular problem related to permissions though:
Normally the device can only be accessed by members of the group "disk" (or "floppy"), but modern distributions tend to not add users to these groups any
more.

You'd have to add the user to the appropriate group manually to make KFloppy
and fdformat work, or run KFloppy as root.
Not great, I agree.

Actually I was thinking about this problem recently though.

The error message could definitely be improved.

And one "solution" would probably be to make KFloppy offer to restart itself as root (if it detects insufficient permissions) like partitionmanager does
it.

Please do not consider starting a GUI application as root a possibility. Starting a root process which connects to X server means a possible instant owning! This is the easiest way to get a root exploit. I wrote one against dolphin running as root last year, you can find it in my scratch repo on git.kde.org

If users actually run KFloppy as root, please make sure that it is not possible! Please add a check prior (!) to the creation of Q(Gui)Application and terminate if it is run as root. It's important to do the check prior to creating Q(Gui)Application as the ctor performs the connection to XServer and afterwards it might be too late.

The only viable solution is using KAuth. If this doesn't work for KFloppy, then I would agree that for security reasons we need to declare it as eol.

I consider this as highly important! We need to get away from running GUI applications as root. It's insecure, it's dangerous and broken (yes, a root app has problems to connect to a user Display server, such as rootless-X11 or Wayland). We as a community need to stop recommending this. We need to make sure that applications which users might run as root just exit with a warning.

Cheers
Martin, the broken "you shall not run X11 apps as root"-record