Strange security situation with KDE

As a normal user under KDE I am able to edit a file I should not be able to

The file:
Code:
-rw-r--r--  1 root  wheel  16 Sep 10 23:01 /root/test.sh


I have checked that kate/kwrite/dolphin, etc. are running under my user, not root.

I am in wheel group (and operator) so seeing the file is ok, but why am I able to write to it?

If I try from konsole (pico) it gives the expected permission denied error, but "user@host:/root % kate test.sh" allows me to save.

How is this possible?


Environment: FreeBSD 13.1 KDE5 and xorg installed from pkg quarterly.


This is such a major security hole that I assume it's expected behavior that I don't know about because I'm new to using FreeBSD as a desktop.
 
but "user@host:/root % kate test.sh" allows me to save.
That is unlikely, filesystem permissions trump whatever kate is doing. Unless somebody added the SUID bit to the executable (that's a bad idea).
 
Code:
user@host:/root % ll /usr/local/bin/kate
-rwxr-xr-x  1 root  wheel  1202912 Sep  4 17:46 /usr/local/bin/kate*

Terminal in kate (editing the file)
Code:
user@host:/root % whoami
user
user@host:/root % id
uid=1001(user) gid=0(wheel) groups=0(wheel),5(operator)

Could you have stored the privileges for the session previously?
Possibly? I've never intentionally run a different command like sudoedit, but if it prompted me to override permissions or something I may have said yes at some point. Is there an easy way to check this?
 
Found the problem.

Create this file /usr/local/etc/polkit-1/rules-d/40-wheel-group.rules with this content:
Code:
polkit.addRule(function(action, subject) {
    if (subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});
From this tutorial: https://community.kde.org/FreeBSD/Setup

Sorry, I don't follow how that relates to kate obtaining root credentials when saving a file? Is polkit essentially a sudo replacement?

Can you or someone explain?
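Editor's note on the question above, with an added example that is not part of the thread and not code from KDE or polkit. polkit is not a sudo replacement: it is an authorization broker. A privileged helper (here the root helper that KIO, which kate saves through, invokes when a plain write fails with permission denied) asks polkitd whether the calling user may perform a named action. polkitd answers by running the JavaScript rule files it loads from rules.d in order; the first rule that returns anything other than NOT_HANDLED decides, otherwise the default from the action's .policy file applies. The tutorial rule returns YES for every action for every wheel member, so the helper runs as root with no prompt, which is exactly the symptom in the first post. The mock below reproduces only that evaluation logic so the two rules can be compared offline; the action id "org.kde.kio.file.exec" and the login1 reboot id are used as illustrative labels and are assumptions of this example, as is the policy default of AUTH_ADMIN.

```javascript
// Added example, not from the forum thread or from polkit/KDE: a minimal
// stand-in for polkit's JavaScript rule engine. Real polkitd evaluates
// rules.d/*.rules with its own embedded JS interpreter; this mock keeps only
// polkit.Result, polkit.addRule and first-match-wins evaluation.
const polkit = {
  // Same string values polkit exposes to rule files.
  Result: {
    NO: "no", YES: "yes",
    AUTH_SELF: "auth_self", AUTH_SELF_KEEP: "auth_self_keep",
    AUTH_ADMIN: "auth_admin", AUTH_ADMIN_KEEP: "auth_admin_keep",
    NOT_HANDLED: null,
  },
  _rules: [],
  addRule(fn) { this._rules.push(fn); },
  // As in polkit(8): the first rule returning anything other than
  // NOT_HANDLED (or undefined) decides; otherwise the .policy default applies.
  evaluate(action, subject, policyDefault) {
    for (const rule of this._rules) {
      const r = rule(action, subject);
      if (r !== undefined && r !== polkit.Result.NOT_HANDLED) return r;
    }
    return policyDefault;
  },
  reset() { this._rules = []; },
};

// Subject and action objects with the fields the rules below use.
function makeSubject(user, groups) {
  return { user, groups, isInGroup(g) { return groups.includes(g); } };
}
function makeAction(id) { return { id }; }

// The rule from the KDE/FreeBSD setup tutorial quoted in the thread:
// any wheel member gets YES for every action, silently.
function blanketWheelRule(action, subject) {
  if (subject.isInGroup("wheel")) {
    return polkit.Result.YES;
  }
}

// Narrower alternative (assumption: the admin wants a prompt, not a silent
// grant): wheel members still get access, but must authenticate as an
// administrator first, and the grant is cached only for the session.
function promptingWheelRule(action, subject) {
  if (subject.isInGroup("wheel")) {
    return polkit.Result.AUTH_ADMIN_KEEP;
  }
}

// Load a rule set and ask what polkitd would answer for one action.
function decide(rules, actionId, subject, policyDefault = polkit.Result.AUTH_ADMIN) {
  polkit.reset();
  rules.forEach(r => polkit.addRule(r));
  return polkit.evaluate(makeAction(actionId), subject, policyDefault);
}

// Assumed action ids, used only as labels; the thread never names the action
// KIO's root helper requests.
const KIO_FILE_ACTION = "org.kde.kio.file.exec";
const REBOOT_ACTION = "org.freedesktop.login1.reboot";

// Constructed sample subjects: the poster (uid in wheel and operator) and a
// user outside wheel.
const user = makeSubject("user", ["wheel", "operator"]);
const other = makeSubject("guest", ["guest"]);

console.log(decide([blanketWheelRule], KIO_FILE_ACTION, user));    // yes: root write, no prompt
console.log(decide([blanketWheelRule], REBOOT_ACTION, user));      // yes: the rule is not action-specific
console.log(decide([promptingWheelRule], KIO_FILE_ACTION, user));  // auth_admin_keep: password prompt
console.log(decide([blanketWheelRule], KIO_FILE_ACTION, other));   // auth_admin: policy default
```

The comparison shows why the tutorial rule surprised the poster: it does not inspect `action.id` at all, so it answers YES for file writes as readily as for anything else polkit mediates. Returning AUTH_ADMIN_KEEP instead (or checking `action.id` and returning NOT_HANDLED for actions you do not want to grant) keeps wheel's convenience while restoring the prompt that signals a privileged operation.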
 