anydesk could be started only as root

susannej

susannej

Hello all,

I use deskutils/anydesk on my machines, but now I have a FreeBSD 12.0-p3 Box, installed with sddm and kde/plasma, where I'm only able to start anydesk, if I'm root.
I'll have a look on another machine (but it will take some time to get my hands on it), where I've kde/gnome etc. installed, where I could start it as a normal user - I think.

(setuid doesn't work, because it's a gtk-app.)

Do I miss something or does the behaviour changed in the past?

Thanks in advance!
susanne.
 
PLease put some logs here. you can see or watch your log ass root user.
use this link too,
forums.freebsd.org

Log files

Today I was messing around with one of my test machines until it hung and then rebooted. After reboot, which log files should I definitely check?
forums.freebsd.org forums.freebsd.org
and this link too,
forums.freebsd.org

location of xorg.conf ?

I have an active xserver, but am not clear where it gets its configuration directives from. Looking around the filesystem, I do: $ sudo find / -name xorg /usr/local/share/X11/xkb/rules/xorg /usr/local/include/xorg /usr/local/lib/xorg /usr/ports/x11/xorg $ sudo find / -name xorg.conf $ sudo...
forums.freebsd.org forums.freebsd.org
 
Thanks for your reply! I wish I could offer some logs for the problem... but there's nothing in the logs and I know no command switch for anydesk like -v or something else...
 
I wonder how doas(1) would work in this case.
No idea about your application but I use it for networkmgr and it works well for that.(needs root)

You will need to create a /usr/local/etc/doas.conf with the services you need.
Here is that file for networkmgr. Maybe you could modify it to suit.
Code: 
permit nopass keepenv root
permit :wheel
permit nopass keepenv :wheel cmd netcardmgr
permit nopass keepenv :wheel cmd ifconfig
permit nopass keepenv :wheel cmd service
Instead of netcardmgr and ifconfig you would need services related to anydesk.
 
Seeing how this application was exploited I would be weary using it. Especially if you are seeing new behavior.
Remember that our ports system is not immune.
Root needed on a program that has been exploited in the past sounds pretty bad where I am sitting.
 
I hate to make unfounded accusations about any program.

The bad thing is a Remote Desktop Program has to have hooks into your hardware.
That is a threat right there but why would they need root to use the hardware (framebuffer, keyboard,mouse).
TightVNC doesn't need root.

Something like that should have been in the UPDATING notes. That is where I would start my investigation.
I might contact the port maintainer and ask him if he know anything about root needed.
 
OK looking at the pkg-message: deskutils/anydesk/
Since Version 2.9.1 the following prerequisites have to be met:

1. You need a mounted /proc directory. Either mount it manually or add it to your /etc/fstab file:
fstab: proc /proc procfs rw 0 0
manually: # mount -t procfs proc /proc
2. You need a loaded mqueuefs module:
manual load: kldload mqueuefs (as root!)
Click to expand...

So instead of manually running kld mqueuefs (as root)
Why not try in /etc/rc.conf
kld_list="mqueuefs"

That will load the module on boot and maybe you can start anydesk as a regular user.
 
Wow, many thanks Phishfry :D

I'm using anydesk a while and it's really easy to get an adhoc connection to another (well-known) machine. I would bet, that on my other one, there is no need to be root to execute the application (I'll will have a look this evening). But maybe, that's an older version, because I think there was no need to load the mqueuefs module.

I was hoping anyone here knows something, if something has changed for anydesk on freebsd ... it was a bit annoying to see, that it wouldn't run as an ordinary user... still hoping I made a mistake.
 
Somebody needs to contact the port maintainer.
Telling people to load a module as root is not good. They should show the automatic method too.
Sorry for the noise. Be careful out there. Its a wild wild internet.
.
Append to pkg-message
auto load: sysrc kld_list+=mqueuefs
 
Phishfry said:
Looking around the internet it seems there are security concerns regarding this application.
"Anydesk exploited to spread ransomeware"
I would tread very carefully here.
Click to expand...

Per the source link, it's not that AnyDesk itself is infected, but rather that RANSOM_BLACKHEART bundles both the legitimate program and the malware together, apparently using the former to hide the latter.

Also, the problem appears to affect Windows systems only.
 
You must log in or register to reply here.
Back
Top