Bug#519915: wicd: Needs sudo to handle scripts

Sat, 21 Mar 2009 00:27:34 -0700 

Hi David,

Le vendredi 20 mars 2009 à 22:23 +0100, David Paleino a écrit :
> CCing -devel, as I'd need some advice on how to properly handle this, as it
> might introduce some security issues.

I drop -devel from cc as I won't bring anything interesting for them I
guess...

> On Mon, 16 Mar 2009 08:29:52 +0100, Julien Valroff wrote:
> 
> > Package: wicd
> > Version: 1.5.9-4
> > Severity: normal
> > 
> > Hi David,
> 
> Hello Julien,
> 
> > I have just noticed sudo needs to be installed and configure to be able to
> > run /usr/share/wicd/configscript.py
> 
> Well, well... I don't see any reference to sudo in that script:
> 
> ---8<---
> if __name__ == '__main__':
>     if os.getuid() != 0:
>         print "Root privileges are required to configure scripts.  Exiting."
>         sys.exit(0)
>     main(sys.argv)
> --->8---
> 
> so, it "just" needs root privileges. Also:
> 
> $ grep sudo /usr/share/wicd/*
> $

Sorry, I hadn't checked the code.

Here is what I can see from ps after clicking "scripts":
julien    4330  0.4  2.5  23744 12896 ?        S    08:16   0:00 
/usr/bin/gksudo -m You must enter your password to configure scripts 
/usr/share/wicd/configscript.py 0 wireless
root      4331  0.0  0.2   3868  1248 ?        Ss   08:16   0:00 /usr/bin/sudo 
-H -S -p GNOME_SUDO_PASS -u root -- /usr/share/wicd/configscript.py 0 wireless

Now, I have a dialog telling me the root rights were given without
asking for a password. Then, nothing happens and I have to kill
wicd-client.

After relaunching wicd-client, I get the password dialog, asking me for
*my* password. And I get an error "Impossible to
laucnh /usr/share/wicd/configscript.py '0' 'wireless' as root" (it
mentions sudo in the long description below), and I have the following
line in my auth.log:
Mar 21 08:19:20 hestia sudo:   julien : command not allowed ; TTY=unknown ; 
PWD=/usr/share/wicd ; USER=root ; COMMAND=/usr/share/wicd/configscript.py 0 
wireless

sudo is installed in my system, but configured for only a bunch of
commands. I would rather not configure it for this.

Cheers,
Julien

-- 
Membre de l'April - « promouvoir et défendre le logiciel libre » -
http://www.april.org

Rejoignez maintenant plus de 4 000 personnes, associations, entreprises
et collectivités qui soutiennent notre action




--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to