Bug 622813
Summary: | Consolehelper writes no error messages when non-root user runs it | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Juraj Marko <jmarko> |
Component: | usermode | Assignee: | Miloslav Trmač <mitr> |
Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 6.0 | CC: | hhorak, nlevinki, ovasik, pkis, ykopkova |
Target Milestone: | rc | Keywords: | RHELNAK |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-12-06 10:52:16 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Juraj Marko
2010-08-10 13:26:48 UTC
This issue has been proposed when we are only considering blocker issues in the current Red Hat Enterprise Linux release. ** If you would still like this issue considered for the current release, ask your support representative to file as a blocker on your behalf. Otherwise ask that it be considered for the next Red Hat Enterprise Linux release. ** This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. If you would like it considered as an exception in the current release, please ask your support representative. Actually, the authentication is provided by usermode package (consolehelper wrapper), so I'm re-assigning this bug to usermode component and changing needinfo request to Miloslav. I'm afraid I can't reproduce the problem, I get an error message when not starting bacula-tray-monitor under X: > $ bacula-tray-monitor -c /etc/bacula/tray-monitor.conf > You are attempting to run "bacula-tray-monitor" which requires administrative > privileges, but more information is needed in order to do so. > Authenticating as "root" > Password: > > (bacula-tray-monitor:11405): Gtk-WARNING **: cannot open display : Could you describe your environment in more detail, please? * Just to be sure, you are entering root's password correctly, aren't you? * Is X running at all? * How are you logging in? On a console, via ssh, something else? * (rpm -q usermode usermode-gtk) * Attach the output of (printenv) in the context in which you run bacula-tray-monitor * Attach strace: - Enter the bacula-tray-monitor command as non-root - From a parallel root login, run (strace -ff -s 512 -o log -p $PID_FILE_OF_THE_USERHELPER_PROCESS) - Enter root's password, let bacula-tray-monitor finish - At the root login, REMOVE YOUR ROOT PASSWORD from log.* - Attach the log.* files (In reply to comment #7) > I'm afraid I can't reproduce the problem, I get an error message when not > starting bacula-tray-monitor under X: > > > $ bacula-tray-monitor -c /etc/bacula/tray-monitor.conf > > You are attempting to run "bacula-tray-monitor" which requires administrative > > privileges, but more information is needed in order to do so. > > Authenticating as "root" > > Password: > > > > (bacula-tray-monitor:11405): Gtk-WARNING **: cannot open display : > > Could you describe your environment in more detail, please? > * Just to be sure, you are entering root's password correctly, aren't you? > * Is X running at all? > * How are you logging in? On a console, via ssh, something else? It was running without complete X if I remember correctly it was using vnc or something like that. I is a long time and it was reproduced when I try to test one other bug and i already don't have the environment. I can try to reproduce it when i come back from PTO (1week). > * (rpm -q usermode usermode-gtk) > * Attach the output of (printenv) in the context in which you run > bacula-tray-monitor > * Attach strace: > - Enter the bacula-tray-monitor command as non-root > - From a parallel root login, run (strace -ff -s 512 -o log -p > $PID_FILE_OF_THE_USERHELPER_PROCESS) > - Enter root's password, let bacula-tray-monitor finish > - At the root login, REMOVE YOUR ROOT PASSWORD from log.* > - Attach the log.* files (In reply to comment #8) > It was running without complete X if I remember correctly it was using vnc or > something like that. I is a long time and it was reproduced when I try to test > one other bug and i already don't have the environment. I can try to reproduce > it when i come back from PTO (1week). As described above, everything seems to be behaving correctly in the simple case; having a reproducer would be helpful. (In reply to comment #7) > I'm afraid I can't reproduce the problem, I get an error message when not > starting bacula-tray-monitor under X: The running environment must be set, but it is probably not needed, because I think it is a general issue and it is able to reproduced with authconfig as well (see bellow). > Could you describe your environment in more detail, please? > * Just to be sure, you are entering root's password correctly, aren't you? If I understood it correctly there is a problem if incorrect password is entering. > * Is X running at all? Not in my following reproducer: How to reproduce (with authconfig component instead of bacula-tray-monitor): 1. have authconfig installed on the system (probably done by default) 2. login to the system as a regular user using ssh without X tunneling 3. $ authconfig You are attempting to run "authconfig" which requires administrative privileges, but more information is needed in order to do so. Authenticating as "root" Password: [wrong password] Password: [wrong password] Password: 4. there is no error message printed (user may be confused) Note1: Changing component in the subject. Note2: If we have X server running a gtk window is displayed, but there is also no error message if we enter incorrect password. (In reply to comment #10) > (In reply to comment #7) > > I'm afraid I can't reproduce the problem, I get an error message when not > > starting bacula-tray-monitor under X: > The running environment must be set, but it is probably not needed, because I > think it is a general issue and it is able to reproduced with authconfig as > well (see bellow). > > > Could you describe your environment in more detail, please? > > * Just to be sure, you are entering root's password correctly, aren't you? > If I understood it correctly there is a problem if incorrect password is > entering. I can reproduce that case, but I'm not sure whether that's the same problem that the original reporter encountered - comment #0 doesn't show any repeated attempts to enter the password. Juraj, please speak up if the problem you see is something else. > Note2: If we have X server running a gtk window is displayed, but there is also > no error message if we enter incorrect password. Well, there is an error message if you enter it too many times. That's also something that might be improved, but it's not quite trivial to do without adding another annoying popup dialog. This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. If you would like it considered as an exception in the current release, please ask your support representative. This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. If you would like it considered as an exception in the current release, please ask your support representative. This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate, in the next release of Red Hat Enterprise Linux. Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. The official life cycle policy can be reviewed here: http://redhat.com/rhel/lifecycle This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL: https://access.redhat.com/ |