Bug#271567: Can you disable the "locking" of the keyboard, mouse, ...

Osamu Aoki Osamu Aoki <osamu@debian.org>, 271567@bugs.debian.org
Thu, 13 Jan 2005 01:31:12 +0100


Dear gksu maintainer

Can you make gksu's default behavior to be "gksu --disable-grab"?

I think we lose nothing significant by doing this. We gain remote
access and we gain stable invocation of configuration tools under CJK
environment where input method (IM) support is needed as I read BTS.

Since I am asking to relax so-called *security* measures, I am CCing
debian-devel@l.d.o and DDs with affected packages to get opinion of the
wider audiences.

I know that some people surely think even use of gksu is bad: #211900
states "I don't want to encourage users to put in their root password in
an X session, because that is not secure."  This has a good point.  So
relaxing gksu may look even worse from this kind of view.  But
addressing this concern should be done differently (like sudo).

======================================================================

Fundamental question: What shall be the right way to allow root
privilege under X for Debian? (synaptic uses gksu now)

Proposal (simple one for sarge) Make gksu's default behavior to be "gksu
--disable-grab"

Proposal (alternative workaround, last resort for sarge) Make all the
menu entries for synaptic and other programs which use gksu to use
"--disable-grab" option.

Proposal (alternative, something for post-sarge) Make all the menu
entries to use sudo-type program (gksudo?)  so policy based user
privilege setup without root password is possible.  Also
"--disable-grab" needed.  If user is not allowed, make nice message
refusing execution.

======================================================================

Rationale (Summary):

Although the intent of grabbing stdin and mouse by the gksu program
sounds good for so-called *security* stand point, it can cause random
havoc for CJK environment and seems to be unusable for remote access X
environment without achieving significant security improvement.  Thus I
am requesting to disable this "grab" features of gksu.

Although su locks stdin, it fails much less drastically.  I do not think
sudo locks stdin. If this is still desirable feature, this gksu program
should not freeze X or segfault when it encounters some other program
trying to grab mouse or stdin from gksu.

Most affected software:
 scim (and possibly other CJK input method)
 synaptic and other system configuration tools using gksu

======================================================================

Rationale (Additional details):

gksu, once started, grabs stdin and mouse to prevent security issues per
its documentation.  This behavior can be disabled by using
"--disable-grab" option.  This is causing many bug reports, I think:

Related bugs I found are

 scim: CJK input method which redirects input through IM when invoked
 with CTRL-SPACE
  http://bugs.debian.org/283746 (Frozen X for synaptic)

 synaptic: started under menu with gksu
  http://bugs.debian.org/289994 (Frozen X)
  http://bugs.debian.org/211900 (No gksu+root-passwd in menu)

 gksu:
  http://bugs.debian.org/271567 (Frozen X, gnome-session)
  http://bugs.debian.org/280914 (Segfaults, remote X)
  http://bugs.debian.org/280899 (Cannot pipe stdin)
  http://bugs.debian.org/277723 (Lockup KDE for synaptic)

IMHO, if you are working on X environment where malware exists but
prevented by grabbing passwd input with gksu's grab-feature, this
malware can still do bad things by changing user's synaptic menu to use
"gksu --disable-grab".  So you are already doomed.  If what we need is
to set up access control to the root requiring programs, use sudo type
arrangement.  (gksudo?)

FYI: Aptitude will prompt you for root passwd if you installed it.
(Maybe it should check sudo existence and use it if available.)

Osamu

--
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ +++++
        Osamu Aoki <osamu@debian.org>  Brussels Belgium, GPG-key: A8061F32
 .''`.  Debian Reference: post-installation user's guide for non-developers
 : :' : http://qref.sf.net and http://people.debian.org/~osamu
 `. `'  "Our Priorities are Our Users and Free Software" --- Social Contract
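
Added example (not part of the original message and not gksu code): the message argues that a menu entry's grab setting can be changed from inside the user's session. This audit sketch compares per-user launcher entries with the system ones and reports any that add gksu's grab-disabling option (`--disable-grab`). It assumes freedesktop.org `.desktop` entries, where a per-user file shadows the system file of the same name; the sample entries are constructed.

```python
import shlex

# Constructed sample entries (not taken from any real system).
SYSTEM_ENTRY = """[Desktop Entry]
Name=Synaptic Package Manager
Exec=gksu /usr/sbin/synaptic
Type=Application
"""
USER_ENTRY = """[Desktop Entry]
Name=Synaptic Package Manager
Exec=gksu --disable-grab /usr/sbin/synaptic
Type=Application
"""

def exec_argv(desktop_text):
    """Return the argv of the Exec= key in the [Desktop Entry] group, or []."""
    in_group = False
    for line in desktop_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_group = (line == "[Desktop Entry]")
        elif in_group and line.startswith("Exec="):
            return shlex.split(line[len("Exec="):])
    return []

def gksu_grab_state(desktop_text):
    """'grab', 'no-grab', or None when the entry does not invoke gksu."""
    argv = exec_argv(desktop_text)
    if not argv or argv[0].rsplit("/", 1)[-1] != "gksu":
        return None
    # Conservative for an audit: the option anywhere on the line counts.
    return "no-grab" if "--disable-grab" in argv[1:] else "grab"

def audit(system_entries, user_entries):
    """Names whose per-user copy disables the grab while the system copy keeps it."""
    findings = []
    for name, user_text in sorted(user_entries.items()):
        if (gksu_grab_state(user_text) == "no-grab"
                and gksu_grab_state(system_entries.get(name, "")) == "grab"):
            findings.append(name)
    return findings

if __name__ == "__main__":
    print(audit({"synaptic.desktop": SYSTEM_ENTRY},
                {"synaptic.desktop": USER_ENTRY}))
```

On a real system the two dictionaries would be filled from the system and per-user application directories, keyed by file name.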
