Sudo: Strip environment

[palinek]

Leave only required environment variables (for X & locale) to get into
the elevated child process.

closes lxqt/lxqt#899
closes lxqt/lxqt#1138

[agaida]

GTM

[agaida]

@palinek - i think, now it the right time to merge it

[palinek]

@tsujan Do you see any (new) issues by using this?

[tsujan]

@tsujan Do you see any (new) issues by using this?

I'm afraid, yes! Please see lxqt/lxqt#1138 (comment). That was one day after your PR. Should I try it again?

[palinek]

I'm afraid, yes! Please see lxqt/lxqt#1138 (comment).

I saw that comment... and added a fixup to not strip PATH (maybe this is somehow configurable for preserving in sudoers)

Should I try it again?

Yes, please.

[tsujan]

This time it opens the app as root without changing the permissions of its config file, but... Let me show you two screenshots. This is lxsudo featherpad with your PR:

This one is with my simple change:

As you see, the theme isn't preserved in the first case, while it is in the second (exactly as kdesu does under KDE).

[palinek]

As you see, the theme isn't preserved in the first case, while it is in the second

Yes. That's the difference between those two:

• my -> strip everything except few (well) known variables
• yours -> leave everything except strip few (well) known variables

The result is obvious (in this PR usage all the QT_* are stripped, in yours they are left so you're using e.g. kvantum also while with root privileges).

[tsujan]

OK, but shouldn't lxqt-sudo behave as kdesu does? I think the point of an lxqt-sudo instead of simple sudo is that, among other things.

[palinek]

OK, but shouldn't lxqt-sudo behave as kdesu does? I think the point of an lxqt-sudo instead of simple sudo is that, among other things.

Sorry. Leaving this to others to judge... (...when people are saying preserve the env and on the other side others are voting for stripping...)

Should the decision be made, I'll hapilly either merge this or reject it.

[tsujan]

Sorry. Leaving this to others to judge...

I have no objection.

[tsujan]

Sorry, I judged too quickly. FeatherPad, in the above example, can use its own icons. See what happens to lxsudo pcmanfm-qt:

This is with my few changes:

[palinek]

See what happens to lxsudo pcmanfm-qt:

...and the very same happens if you use gksu --sudo-mode pcmanfm-qt

[tsujan]

...and the very same happens if you use gksu --sudo-mode pcmanfm-qt

That only indicates gksu isn't a good option. We're dealing with a practical issue here -- it's not just theoretical anymore. Who could use pcmanfm-qt as root in that way?! And it isn't alone in this.

[paulolieuthier]

@palinek do you see any issues with allowing QT_* variables?

[palinek]

do you see any issues with allowing QT_* variables?

I wasn't the one who required the stripping of the environment...

[paulolieuthier]

I know. I'm just thinking that if allowing QT_* would not be a problem, then we should do it, because it would fix the theming issues (right?).

@Vladimir-csp what do you think?

[Vladimir-csp]

I always thought that theming issues are to be expected when using sudo, unless some overlay mechanism is in place, i.e. xsettings. So I do not know. Anyone knows good security expert?

[palinek]

Rebased and:

• added note about (non)stripped env. variables
• added the QT_PLATFORM_PLUGIN, QT_QPA_PLATFORMTHEME to preserved vars