File 0001-Defuse-root-block.patch of Package kate

From 5cec675834a722a6cb55858074eb7a2d13ec685e Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fabian@ritter-vogt.de>
Date: Sat, 18 Feb 2017 13:49:14 +0100
Subject: [PATCH] Defuse root block

While the main point is correct as any application running in the same
X session (not sandboxed) can use kate's capability to open a console,
we allow (even encourage) running YaST on X11 as root.
That way it's only an impact on usability.
---
 kate/main.cpp   | 15 ++-------------
 kwrite/main.cpp | 15 ++-------------
 2 files changed, 4 insertions(+), 26 deletions(-)

diff --git a/kate/main.cpp b/kate/main.cpp
index cea01d6..37d418f 100644
--- a/kate/main.cpp
+++ b/kate/main.cpp
@@ -48,19 +48,8 @@ int main(int argc, char **argv)
 #ifndef Q_OS_WIN
     // Prohibit using sudo or kdesu (but allow using the root user directly)
     if (getuid() == 0) {
-        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
-            std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities. "
-                         "It is also not necessary; simply use Kate normally, and you will be prompted for "
-                         "elevated privileges when saving documents if needed."
-                      << std::endl;
-            return EXIT_FAILURE;
-        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
-            std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities. "
-                         "It is also not necessary; simply use Kate normally, and you will be prompted for "
-                         "elevated privileges when saving documents if needed."
-                      << std::endl;
-            return EXIT_FAILURE;
-        }
+        std::cout << "THIS IS POTENTIALLY INSECURE!\nTo edit files as root please use:" << std::endl;
+        std::cout << "SUDO_EDITOR=kate sudoedit <file>" << std::endl;
     }
 #endif
     /**
diff --git a/kwrite/main.cpp b/kwrite/main.cpp
index 87cac6f..4f0bad2 100644
--- a/kwrite/main.cpp
+++ b/kwrite/main.cpp
@@ -40,19 +40,8 @@ extern "C" Q_DECL_EXPORT int main(int argc, char **argv)
 #ifndef Q_OS_WIN
     // Prohibit using sudo or kdesu (but allow using the root user directly)
     if (getuid() == 0) {
-        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
-            std::cout << "Executing KWrite with sudo is not possible due to unfixable security vulnerabilities. "
-                         "It is also not necessary; simply use KWrite normally, and you will be prompted for "
-                         "elevated privileges when saving documents if needed."
-                      << std::endl;
-            return EXIT_FAILURE;
-        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
-            std::cout << "Executing KWrite with kdesu is not possible due to unfixable security vulnerabilities. "
-                         "It is also not necessary; simply use KWrite normally, and you will be prompted for "
-                         "elevated privileges when saving documents if needed."
-                      << std::endl;
-            return EXIT_FAILURE;
-        }
+        std::cout << "THIS IS POTENTIALLY INSECURE!\nTo edit files as root please use:" << std::endl;
+        std::cout << "SUDO_EDITOR=kwrite sudoedit <file>" << std::endl;
     }
 #endif
 
-- 
2.30.2
openSUSE Build Service is sponsored by