Bug 622813

Summary: Consolehelper writes no error messages when non-root user runs it
Product: Red Hat Enterprise Linux 6 Reporter: Juraj Marko <jmarko>
Component: usermodeAssignee: Miloslav Trmač <mitr>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: low    
Version: 6.0CC: hhorak, nlevinki, ovasik, pkis, ykopkova
Target Milestone: rcKeywords: RHELNAK
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-06 10:52:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Juraj Marko 2010-08-10 13:26:48 UTC
Description of problem:
When non-root user runs "bacula-tray-monitor -c /etc/bacula/tray-monitor.conf" the consolehelper asks for a root password. But when there is an error (e.g. reproduced with disabled xserver) the error message is not written in the bash. 

Version-Release number of selected component (if applicable):
bacula-traymonitor-5.0.0-7.el6

How reproducible:
100%

Steps to Reproduce:
1. turn off xserver or disable for the non-root user
2. login as non-root user
3. $ bacula-tray-monitor -c /etc/bacula/tray-monitor.conf
   You are attempting to run "bacula-tray-monitor" which requires administrative
   privileges, but more information is needed in order to do so.
   Authenticating as "root"
   Password:
   $

Actual results:
No error message in bash

Expected results:
Error message is printed in bash

Additional info:

Comment 2 RHEL Program Management 2010-08-10 13:58:36 UTC
This issue has been proposed when we are only considering blocker
issues in the current Red Hat Enterprise Linux release.

** If you would still like this issue considered for the current
release, ask your support representative to file as a blocker on
your behalf. Otherwise ask that it be considered for the next
Red Hat Enterprise Linux release. **

Comment 4 RHEL Program Management 2011-07-06 00:26:32 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.

Comment 6 Honza Horak 2011-07-15 09:34:38 UTC
Actually, the authentication is provided by usermode package (consolehelper wrapper), so I'm re-assigning this bug to usermode component and changing needinfo request to Miloslav.

Comment 7 Miloslav Trmač 2011-07-15 13:30:25 UTC
I'm afraid I can't reproduce the problem, I get an error message when not starting bacula-tray-monitor under X:

> $ bacula-tray-monitor -c /etc/bacula/tray-monitor.conf
> You are attempting to run "bacula-tray-monitor" which requires administrative
> privileges, but more information is needed in order to do so.
> Authenticating as "root"
> Password:
>
> (bacula-tray-monitor:11405): Gtk-WARNING **: cannot open display :

Could you describe your environment in more detail, please?
* Just to be sure, you are entering root's password correctly, aren't you?
* Is X running at all?
* How are you logging in?  On a console, via ssh, something else?
* (rpm -q usermode usermode-gtk)
* Attach the output of (printenv) in the context in which you run bacula-tray-monitor
* Attach strace:
  - Enter the bacula-tray-monitor command as non-root
  - From a parallel root login, run (strace -ff -s 512 -o log -p $PID_FILE_OF_THE_USERHELPER_PROCESS)
  - Enter root's password, let bacula-tray-monitor finish
  - At the root login, REMOVE YOUR ROOT PASSWORD from log.*
  - Attach the log.* files

Comment 8 Juraj Marko 2011-07-15 14:28:20 UTC
(In reply to comment #7)
> I'm afraid I can't reproduce the problem, I get an error message when not
> starting bacula-tray-monitor under X:
> 
> > $ bacula-tray-monitor -c /etc/bacula/tray-monitor.conf
> > You are attempting to run "bacula-tray-monitor" which requires administrative
> > privileges, but more information is needed in order to do so.
> > Authenticating as "root"
> > Password:
> >
> > (bacula-tray-monitor:11405): Gtk-WARNING **: cannot open display :
> 
> Could you describe your environment in more detail, please?
> * Just to be sure, you are entering root's password correctly, aren't you?
> * Is X running at all?
> * How are you logging in?  On a console, via ssh, something else?

It was running without complete X if I remember correctly it was using vnc or something like that. I is a long time and it was reproduced when I try to test one other bug and i already don't have the environment. I can try to reproduce it when i come back from PTO (1week).

> * (rpm -q usermode usermode-gtk)
> * Attach the output of (printenv) in the context in which you run
> bacula-tray-monitor
> * Attach strace:
>   - Enter the bacula-tray-monitor command as non-root
>   - From a parallel root login, run (strace -ff -s 512 -o log -p
> $PID_FILE_OF_THE_USERHELPER_PROCESS)
>   - Enter root's password, let bacula-tray-monitor finish
>   - At the root login, REMOVE YOUR ROOT PASSWORD from log.*
>   - Attach the log.* files

Comment 9 Miloslav Trmač 2011-07-15 14:35:14 UTC
(In reply to comment #8)
> It was running without complete X if I remember correctly it was using vnc or
> something like that. I is a long time and it was reproduced when I try to test
> one other bug and i already don't have the environment. I can try to reproduce
> it when i come back from PTO (1week).
As described above, everything seems to be behaving correctly in the simple case; having a reproducer would be helpful.

Comment 10 Honza Horak 2011-07-18 07:01:47 UTC
(In reply to comment #7)
> I'm afraid I can't reproduce the problem, I get an error message when not
> starting bacula-tray-monitor under X:
The running environment must be set, but it is probably not needed, because I think it is a general issue and it is able to reproduced with authconfig as well (see bellow).

> Could you describe your environment in more detail, please?
> * Just to be sure, you are entering root's password correctly, aren't you?
If I understood it correctly there is a problem if incorrect password is entering.

> * Is X running at all?
Not in my following reproducer:

How to reproduce (with authconfig component instead of bacula-tray-monitor):
1. have authconfig installed on the system (probably done by default)
2. login to the system as a regular user using ssh without X tunneling
3. $ authconfig
You are attempting to run "authconfig" which requires administrative
privileges, but more information is needed in order to do so.
Authenticating as "root"
Password: [wrong password]
Password: [wrong password]
Password: 
4. there is no error message printed (user may be confused)

Note1: Changing component in the subject.
Note2: If we have X server running a gtk window is displayed, but there is also no error message if we enter incorrect password.

Comment 11 Miloslav Trmač 2011-07-19 23:32:26 UTC
(In reply to comment #10)
> (In reply to comment #7)
> > I'm afraid I can't reproduce the problem, I get an error message when not
> > starting bacula-tray-monitor under X:
> The running environment must be set, but it is probably not needed, because I
> think it is a general issue and it is able to reproduced with authconfig as
> well (see bellow).
> 
> > Could you describe your environment in more detail, please?
> > * Just to be sure, you are entering root's password correctly, aren't you?
> If I understood it correctly there is a problem if incorrect password is
> entering.
I can reproduce that case, but I'm not sure whether that's the same problem that the original reporter encountered - comment #0 doesn't show any repeated attempts to enter the password.  Juraj, please speak up if the problem you see is something else.

> Note2: If we have X server running a gtk window is displayed, but there is also
> no error message if we enter incorrect password.
Well, there is an error message if you enter it too many times.  That's also something that might be improved, but it's not quite trivial to do without adding another annoying popup dialog.

Comment 14 RHEL Program Management 2011-07-19 23:57:56 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.

Comment 17 Suzanne Logcher 2012-02-14 23:01:48 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.

Comment 18 RHEL Program Management 2012-09-07 05:00:49 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.

Comment 25 Jan Kurik 2017-12-06 10:52:16 UTC
Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com/