-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sudo: Strip environment #22
Conversation
GTM |
@palinek - i think, now it the right time to merge it |
@tsujan Do you see any (new) issues by using this? |
I'm afraid, yes! Please see lxqt/lxqt#1138 (comment). That was one day after your PR. Should I try it again? |
I saw that comment... and added a fixup to not strip PATH (maybe this is somehow configurable for preserving in
Yes, please. |
This time it opens the app as root without changing the permissions of its config file, but... Let me show you two screenshots. This is This one is with my simple change: As you see, the theme isn't preserved in the first case, while it is in the second (exactly as |
Yes. That's the difference between those two:
The result is obvious (in this PR usage all the QT_* are stripped, in yours they are left so you're using e.g. kvantum also while with root privileges). |
OK, but shouldn't lxqt-sudo behave as kdesu does? I think the point of an lxqt-sudo instead of simple sudo is that, among other things. |
Sorry. Leaving this to others to judge... (...when people are saying preserve the env and on the other side others are voting for stripping...) Should the decision be made, I'll hapilly either merge this or reject it. |
I have no objection. |
...and the very same happens if you use |
That only indicates gksu isn't a good option. We're dealing with a practical issue here -- it's not just theoretical anymore. Who could use pcmanfm-qt as root in that way?! And it isn't alone in this. |
@palinek do you see any issues with allowing QT_* variables? |
I wasn't the one who required the stripping of the environment... |
I know. I'm just thinking that if allowing QT_* would not be a problem, then we should do it, because it would fix the theming issues (right?). @Vladimir-csp what do you think? |
I always thought that theming issues are to be expected when using sudo, unless some overlay mechanism is in place, i.e. xsettings. So I do not know. Anyone knows good security expert? |
Rebased and:
|
Leave only required environment variables (for X & locale) to get into the elevated child process.
Leave only required environment variables (for X & locale) to get into
the elevated child process.
closes lxqt/lxqt#899
closes lxqt/lxqt#1138