Miroirs/msb
1
0
Fork 0
mirror of https://gitlab.com/mateslackbuilds/msb.git synced 2024-12-25 21:59:36 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added note about how to fix gksu problem

Browse source 
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackware-id.org>
This commit is contained in:
Willy Sudiarto Raharjo 2014-02-14 19:23:05 +07:00
parent b67c850aef
commit af47c28297
2 changed files with 61 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
KNOWN_ISSUES.TXT
View file

@ -1,5 +1,31 @@
The following is a list of known issues with MATE on Slackware: The following is a list of known issues with MATE on Slackware:
Fri Feb 14 12:11:22 UTC 2014
By default, gksu will not work in Slackware 14.1 since shadow has been patched
to fix security vulnerabilities, but this caused gksu to be broken.
See this thread on LQ for more information
http://www.linuxquestions.org/questions/slackware-14/%5Bslackware-14-1%5D-su-c-tty-hijacking-and-some-breakage-4175486942/
The solution for this problem is easy, but since it's not yet applied upstream,
we provided a simple fix from Mancha to fix this problem.
Download the shadow source from Slackware mirror site such as
http://slackware.osuosl.org/slackware-14.1/source/a/shadow/
or
http://slackware.osuosl.org/slackware64-14.1/source/a/shadow/
and also a patch included in testing/shadow and put it on the same folder.
Edit the shadow.SlackBuild and add this line
patch -p1 --verbose < $CWD/shadow-4.1.5.1_CVE-2005-4890_relax.diff || exit 1
before configure line and rebuild shadow package.
You can upgrade to the modified version by running:
upgradepkg /tmp/shadow-4.1.5.1-i486-2.tgz
or
upgradepkg /tmp/shadow-4.1.5.1-x86_64-2.tgz
After upgrading to the modified version, gksu will work normally.
Fri Feb 14 11:02:15 UTC 2014 Fri Feb 14 11:02:15 UTC 2014
If you are encountering problems with multiple Caja instances during loading If you are encountering problems with multiple Caja instances during loading
the MATE desktop, change this line in /usr/share/applications/caja.desktop the MATE desktop, change this line in /usr/share/applications/caja.desktop
@ -18,15 +44,6 @@ and rebuild caja again.
However, doing this will break gksu module in caja-extensions, so you can not However, doing this will break gksu module in caja-extensions, so you can not
run applications using root account from caja's context menu anymore. run applications using root account from caja's context menu anymore.
Tue Dec 3 12:12:18 UTC 2013
libgksu doesn't work anymore on Slackware 14.1 (and eventually -Current).
Possible workaround is to switch to root user using normal "su -" command.
Note:
We don't think there will be a solution for this problem as gksu and libgksu
are no longer maintained upstream. We will probably drop this in future
releases. This will also effect caja-extensions which has gksu modules in it.
Mon Jun 10 03:09:28 UTC 2013 Mon Jun 10 03:09:28 UTC 2013
If you are encountering problems with Caja (MATE's file manager) opening If you are encountering problems with Caja (MATE's file manager) opening
directories when clicking on files in certain programs like Dropbox, Skype, directories when clicking on files in certain programs like Dropbox, Skype,
@ -67,11 +84,6 @@ your $HOME, like $HOME/.config and $HOME/.cache and $HOME/.local. If you
switch back and forth between different desktop environments, sometimes those switch back and forth between different desktop environments, sometimes those
settings can get polluted. settings can get polluted.
Fri Mar 22 16:44:59 UTC 2013
Help menus and help buttons do not work -- this is a known issue per a MATE
upstream developer and scheduled to be fixed at some point but not in the next
release (1.6).
Fri Mar 22 16:43:36 UTC 2013 Fri Mar 22 16:43:36 UTC 2013
Working to determine whether mate-polkit is necessary. According to upstream, Working to determine whether mate-polkit is necessary. According to upstream,
it is, although it results in duplicative polkit actions when a USB stick is it is, although it results in duplicative polkit actions when a USB stick is

35
testing/shadow/shadow-4.1.5.1_CVE-2005-4890_relax.diff Normal file
View file

@ -0,0 +1,35 @@
From 0f6a809b7c4c9a8f4adb5b25808dd68000e17aa2 Mon Sep 17 00:00:00 2001
From: mancha <mancha1@hush.com>
Date: Wed, 04 Dec 2013
Subject: restrict "su -c" only when callee is not root
Shadow 4.1.5 addressed a tty-hijacking vulnerability in "su -c"
(CVE-2005-4890) by detaching the controlling terminal.
Omni-directional protection is excessive and breaks commonly-used
methods for privilege escalation. Breakage is particularly severe
on non-PAM systems.
This patch relaxes the restriction and only detaches the controlling
tty when the callee is not root. After all, we are not overly concerned
with root injecting commands to non-privileged users.
---
src/su.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/src/su.c
+++ b/src/su.c
@@ -1076,10 +1076,10 @@ int main (int argc, char **argv)
set_environment (pw);
- if (!doshell) {
+ if (!doshell && pw->pw_uid != 0) {
/* There is no need for a controlling terminal.
* This avoids the callee to inject commands on
- * the caller's tty. */
+ * the caller's tty when the callee is not root. */
int err = -1;
#ifdef USE_PAM