Bug 975541
| Summary: | gksu-polkit will kill the program being run after a minute or so | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jan Pokorný [poki] <jpokorny> | ||||||
| Component: | gksu-polkit | Assignee: | Simone Caronni <negativo17> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | unspecified | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 19 | CC: | dan.mashal, negativo17 | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | gksu-polkit-0.0.3-8.gitf8ce834c.fc18 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2013-08-04 00:01:59 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 762591 [details] Full strace of what I quoted in [comment 0]. Can also be observed with arbitrary 'continuous' terminal program: $ gksu-polkit yes y y [... at some point, 'y' character is no longer printed] $ rpm -qf $(which gksu-polkit)
gksu-polkit-0.0.3-6.fc18.x86_64
NB: I am aware there is newer package in testing, but the update does
not touch the codebase as such.
Hello, can you please test this build? http://slaanesh.fedorapeople.org/gksu-polkit/ The tarball in this package has been recreated from git sources; the orginal tarball at version 0.0.3 was never released and the URL it was pointing to does not exist anymore; so I can't understand where it did come from. This tarball, still at version 0.0.3 is quite different; so I guess it contains more fixes. Does this happen also with interactive commands? The example you pasted is with pango-view which is not interactive. Thanks, --Simone Simone, thanks for your activity. > Hello, can you please test this build? Gave it a test spin on my other machine (still F17, but the packages installed without any issue). Conclusion is that it didn't help for me and the same was observed - first it runs ok - after about a minute, the slave disappears, while... - original gksu-polkit command remains running in the terminal; does not react to any key stroke except for Ctrl-C/SIGINT upon which messages like this is shown (likely coming from DBus API): > ** (gksu-polkit:15228): WARNING **: Method invoked for SendSignal > returned FALSE but did not set error > Does this happen also with interactive commands? The example you pasted is > with pango-view which is not interactive. As already stated [comment 0], the primary target is (also) wireshark, if this is what you mean. The pango-view command was selected as it most probably does not require additional installation and demonstrates the correct privileges (/etc/sudoers is not readable beside root:root). Created attachment 777966 [details]
Fix for this bug
Gave it some more investigation ... and problem solved.
I've triggered an official build for all branches with your patch; it's currently building (gksu-polkit-0.0.3-8.gitf8ce834c). http://koji.fedoraproject.org/koji/packageinfo?packageID=14486 Please give a test and tomorrow evening I will push an update. Midnight here and tomorrow I'll be out of the office all day. Thanks for debugging! Regards, --Simone gksu-polkit-0.0.3-8.gitf8ce834c.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/gksu-polkit-0.0.3-8.gitf8ce834c.fc18 gksu-polkit-0.0.3-8.gitf8ce834c.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/gksu-polkit-0.0.3-8.gitf8ce834c.fc19 gksu-polkit-0.0.3-8.gitf8ce834c.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/gksu-polkit-0.0.3-8.gitf8ce834c.fc17 I've pushed the update as the old CVE was reopened because of the bad patch in 0.0.3-6.fc18. As written in https://bugzilla.redhat.com/show_bug.cgi?id=987562#c6 basically this package never worked since its first import. Dbus name was wrong, service file was installed with a wrong name, the patch for the CVE fix was creating a patch file instead of patching the code; the source tarball did not exist anywhere. This since Fedora 17. Package gksu-polkit-0.0.3-8.gitf8ce834c.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing gksu-polkit-0.0.3-8.gitf8ce834c.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-13616/gksu-polkit-0.0.3-8.gitf8ce834c.fc18 then log in and leave karma (feedback). gksu-polkit-0.0.3-8.gitf8ce834c.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. gksu-polkit-0.0.3-8.gitf8ce834c.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. |
This is something really strange and I have no clue if it is bug or some esoteric feature, but one would not expect su/sudo-like program killing its slave after some timeout is reached. Look (full strace will follow): $ strace -f -tt gksu-polkit pango-view /etc/sudoers 18:58:55.326702 execve("/bin/gksu-polkit", ["gksu-polkit", "pango-view", "/etc/sudoers"], [/* 53 vars */]) = 0 18:58:55.327415 brk(0) = 0x163e000 18:58:55.327551 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7651afa000 18:58:55.327696 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) 18:58:55.327841 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 [...] 18:58:55.532148 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC, 0) = 5 18:58:55.532338 connect(5, {sa_family=AF_FILE, sun_path="/var/run/dbus/system_bus_socket"}, 33) = 0 [...] 18:59:00.191351 write(4, "\1\0\0\0\0\0\0\0", 8) = 8 18:59:00.191378 fstat(10, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0 18:59:00.191403 fcntl(10, F_GETFL) = 0x800 (flags O_RDONLY|O_NONBLOCK) 18:59:00.191428 write(4, "\1\0\0\0\0\0\0\0", 8) = 8 18:59:00.191465 poll([{fd=4, events=POLLIN}, {fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=6, events=POLLIN|POLLPRI}, {fd=7, events=0}, {fd=8, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=11, events=0}, {fd=7, events=0}, {fd=0, events=POLLIN|POLLPRI}, {fd=8, events=POLLIN|POLLPRI}, {fd=10, events=POLLIN|POLLPRI}], 13, 0) = 2 ([{fd=4, revents=POLLIN}, {fd=3, revents=POLLIN}]) 18:59:00.191564 recvfrom(3, "\21\0\205\0\4\0@\3\4\0@\3\0\0\0\0\0\0\0\0\0\0\0 \0\0\0\0\0\0\0\0\0", 4096, 0, NULL, NULL) = 32 18:59:00.191601 recvfrom(3, 0x16644f4, 4096, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) 18:59:00.191631 recvfrom(3, 0x16644f4, 4096, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) 18:59:00.191669 recvfrom(3, 0x16644f4, 4096, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) 18:59:00.191713 poll([{fd=4, events=POLLIN}, {fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=6, events=POLLIN|POLLPRI}, {fd=7, events=0}, {fd=8, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=11, events=0}, {fd=7, events=0}, {fd=0, events=POLLIN|POLLPRI}, {fd=8, events=POLLIN|POLLPRI}, {fd=10, events=POLLIN|POLLPRI}], 13, 0) = 1 ([{fd=4, revents=POLLIN}]) 18:59:00.191765 read(4, "\20\0\0\0\0\0\0\0", 16) = 8 18:59:00.191817 recvfrom(3, 0x16644f4, 4096, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) 18:59:00.191847 poll([{fd=4, events=POLLIN}, {fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=6, events=POLLIN|POLLPRI}, {fd=7, events=0}, {fd=8, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=11, events=0}, {fd=7, events=0}, {fd=0, events=POLLIN|POLLPRI}, {fd=8, events=POLLIN|POLLPRI}, {fd=10, events=POLLIN|POLLPRI}], 13, 0) = 0 (Timeout) 18:59:00.191893 read(4, 0x7ffff8f51470, 16) = -1 EAGAIN (Resource temporarily unavailable) 18:59:00.191937 recvfrom(3, 0x16644f4, 4096, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) 18:59:00.191968 poll([{fd=4, events=POLLIN}, {fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=6, events=POLLIN|POLLPRI}, {fd=7, events=0}, {fd=8, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=11, events=0}, {fd=7, events=0}, {fd=0, events=POLLIN|POLLPRI}, {fd=8, events=POLLIN|POLLPRI}, {fd=10, events=POLLIN|POLLPRI}], 13, 4294967295) = ? ERESTART_RESTARTBLOCK (Interrupted by signal) 18:59:06.690148 --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} --- 18:59:06.690180 restart_syscall(<... resuming interrupted call ...>) = 1 <note: empty gap that is finished by pango-view being disappeared/killed? at the same moment subsequent lines being printed > 19:00:25.642729 write(4, "\1\0\0\0\0\0\0\0", 8) = 8 19:00:25.642834 recvmsg(5, {msg_name(0)=NULL, msg_iov(1)=[{"l\4\1\1%\0\0\0\5 \0\0\0\211\0\0\0\1\1o\0\25\0\0\0/org/fre"..., 2048}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 197 19:00:25.642886 write(4, "\1\0\0\0\0\0\0\0", 8) = 8 19:00:25.642917 recvmsg(5, 0x7ffff8f512d0, MSG_CMSG_CLOEXEC) = -1 EAGAIN (Resource temporarily unavailable) 19:00:25.642948 write(4, "\1\0\0\0\0\0\0\0", 8) = 8 19:00:25.642977 recvfrom(3, 0x16644f4, 4096, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) 19:00:25.643013 poll([{fd=4, events=POLLIN}, {fd=3, events=POLLIN}, {fd=6, events=POLLIN|POLLPRI}, {fd=7, events=0}, {fd=8, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=11, events=0}, {fd=7, events=0}, {fd=0, events=POLLIN|POLLPRI}, {fd=8, events=POLLIN|POLLPRI}, {fd=10, events=POLLIN|POLLPRI}, {fd=5, events=POLLIN}], 13, 0) = 1 ([{fd=4, revents=POLLIN}]) 19:00:25.643093 recvfrom(3, 0x16644f4, 4096, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) 19:00:25.643120 poll([{fd=4, events=POLLIN}, {fd=3, events=POLLIN}, {fd=6, events=POLLIN|POLLPRI}, {fd=7, events=0}, {fd=8, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=11, events=0}, {fd=7, events=0}, {fd=0, events=POLLIN|POLLPRI}, {fd=8, events=POLLIN|POLLPRI}, {fd=10, events=POLLIN|POLLPRI}, {fd=5, events=POLLIN}], 13, 4294967295) = 1 ([{fd=4, revents=POLLIN}]) 19:00:25.643168 read(4, "\3\0\0\0\0\0\0\0", 16) = 8 19:00:25.643194 recvfrom(3, 0x16644f4, 4096, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) 19:00:25.643217 poll([{fd=4, events=POLLIN}, {fd=3, events=POLLIN}, {fd=6, events=POLLIN|POLLPRI}, {fd=7, events=0}, {fd=8, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=11, events=0}, {fd=7, events=0}, {fd=0, events=POLLIN|POLLPRI}, {fd=8, events=POLLIN|POLLPRI}, {fd=10, events=POLLIN|POLLPRI}, {fd=5, events=POLLIN}], 13, 4294967295) = ? ERESTART_RESTARTBLOCK (Interrupted by signal) 19:00:55.764739 --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} --- 19:00:55.764769 restart_syscall(<... resuming interrupted call ...> <note: now, I've suspended the gksu-polkit process via ^Z, just to be able to kill it as a next step, as nothing meaningful can be done here > Apparently, this prevents gksu-polkit to be helpful at all (modulo one-off commands). Or maybe I am just missing its mission. First I noted this in connection to running "enabled" wireshark: [bug 959543].