Bug#990259: policykit-1-gnome: crashes under Wayland

zsien

Jun 24, 2021, 2:40:02 AM
Package: policykit-1-gnome
Version: 0.105-7
Severity: important

Steps to Reproduce:
1. Execute `/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1` under sway
2. Start an authentication: `pkexec /bin/sh`

Actual results:
Authentication window opens and crashes immediately.

See also: https://bugs.archlinux.org/task/70670.

And I created a Merge Request: https://salsa.debian.org/utopia-team/polkit-gnome/-/merge_requests/1.

-- System Information:
Debian Release: 11.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-7-amd64 (SMP w/16 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8), LANGUAGE=zh_CN:zh
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages policykit-1-gnome depends on:
ii libc6 2.31-12
ii libgdk-pixbuf2.0-0 2.40.2-2
ii libglib2.0-0 2.66.8-1
ii libgtk-3-0 3.24.24-4
ii libpolkit-agent-1-0 0.105-31
ii libpolkit-gobject-1-0 0.105-31
ii policykit-1 0.105-31

policykit-1-gnome recommends no packages.

policykit-1-gnome suggests no packages.

-- no debconf information

Michael Biebl

Jun 24, 2021, 5:20:03 AM
On 24.06.21 at 08:28, zsien wrote:
> Package: policykit-1-gnome
> Version: 0.105-7
> Severity: important
>
> Steps to Reproduce:
> 1. Execute `/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1` under sway
> 2. Start an authentication: `pkexec /bin/sh`
>
> Actual results:
> Authentication window opens and crashes immediately.
>
> See also: https://bugs.archlinux.org/task/70670.
>
> And I created a Merge Request: https://salsa.debian.org/utopia-team/polkit-gnome/-/merge_requests/1.

Thanks!

I wanted to ask you to forward this patch to upstream, but it seems
PolicyKit-gnome has been archived:

https://gitlab.gnome.org/Archive/policykit-gnome

Having a security sensitive application with a dead upstream is probably
not a good idea, so I wonder whether dropping policykit-1-gnome from the
archive would be a (better) alternative.

Currently, the only hard reverse dependency according to dak is:

Checking reverse dependencies...
# Broken Depends:
cinnamon: cinnamon
cinnamon-control-center: cinnamon-control-center

Dependency problem found.


I thought cinnamon had a builtin PK agent. Either this is not true or
the dependency is unnecessary.

Simon, should we hand over policykit-1-gnome to the cinnamon maintainers?

Regards,
Michael


Michael Biebl

Jun 24, 2021, 5:30:03 AM
On 24.06.21 at 11:03, Michael Biebl wrote:
Bringing the cinnamon maintainers into the loop here.



Michael Biebl

Jun 24, 2021, 5:30:04 AM
Control: clone -1 -2
Control: retitle -2 mate-polkit: crashes under Wayland
Control: reassign -2 mate-polkit
Control: found -2 1.24.0-2

On 24.06.21 at 08:28, zsien wrote:
> Package: policykit-1-gnome
> Version: 0.105-7
> Severity: important
>
> Steps to Reproduce:
> 1. Execute `/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1` under sway
> 2. Start an authentication: `pkexec /bin/sh`
>
> Actual results:
> Authentication window opens and crashes immediately.
>

For fun, I tried this with mate-polkit as well (which as I understand is
based on policykit-1-gnome). It segfaulted as well. So cloning the issue.



Norbert Preining

Jun 24, 2021, 7:00:03 AM
Hi

> > Checking reverse dependencies...
> > # Broken Depends:
> > cinnamon: cinnamon
> > cinnamon-control-center: cinnamon-control-center

Hmmm, that **seems** to be a left-over from old times, as polkit-agent-1
seems to be used - but as said, I am not using cinnamon anymore so hard
to tell.

Best

Norbert

--
PREINING Norbert https://www.preining.info
Fujitsu Research + IFMGA Guide + TU Wien + TeX Live + Debian Dev
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

Simon McVittie

Jun 24, 2021, 7:00:03 AM
On Thu, 24 Jun 2021 at 11:25:33 +0200, Michael Biebl wrote:
> On 24.06.21 at 11:03, Michael Biebl wrote:
> > Having a security sensitive application with a dead upstream is probably
> > not a good idea, so I wonder whether dropping policykit-1-gnome from the
> > archive would be a (better) alternative.

I agree, security-sensitive software needs an active upstream developer
(and if third-party projects are still relying on GNOME maintaining this,
10 years after GNOME Shell took over responsibility for being GNOME's
polkit agent, then they need to consider whether their approach is really
sustainable).

I've opened <https://bugs.debian.org/990271>.

> > I thought cinnamon had a builtin PK agent. Either this is not true or
> > the dependency is unnecessary.

I can't find a built-in PK agent.

Cinnamon was originally a fork of GNOME Shell, which has
src/shell-polkit-authentication-agent.c, but Cinnamon developers seem
to have removed the equivalent from their fork in 2013. Unfortunately,
the commit message doesn't say why.
https://github.com/linuxmint/cinnamon/commit/4873e7f4c5b53b5cc6dc3149d1165a7c84bc3fc0

> > Simon, should we hand over policykit-1-gnome to the cinnamon maintainers?

If Cinnamon people take over its upstream development, then no objection.

If it continues to be a security-sensitive application that is dead
upstream, then having Cinnamon's Debian maintainers take over its Debian
maintenance doesn't really solve anything. Would one of the other
implementations like lxpolkit be suitable for Cinnamon, perhaps?

I've opened <https://github.com/linuxmint/cinnamon/issues/10172>.

smcv

Michael Biebl

Jun 24, 2021, 7:20:03 AM
On 24.06.21 at 12:55, Simon McVittie wrote:
> On Thu, 24 Jun 2021 at 11:25:33 +0200, Michael Biebl wrote:

>>> I thought cinnamon had a builtin PK agent. Either this is not true or
>>> the dependency is unnecessary.
>
> I can't find a built-in PK agent.


Seems I already fell into this trap over 4 years ago.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846245#45

I guess, having cinnamon use mate-polkit instead of policykit-1-gnome
could be an option. That said, I don't know how healthy mate-polkit
upstream is.


Michael Biebl

Jun 24, 2021, 7:20:04 AM
On 24.06.21 at 12:54, Norbert Preining wrote:
> Hi
>
>>> Checking reverse dependencies...
>>> # Broken Depends:
>>> cinnamon: cinnamon
>>> cinnamon-control-center: cinnamon-control-center
>
> Hmmm, that **seems** to be a left-over from old times, as polkit-agent-1
> seems to be used - but as said, I am not using cinnamon anymore so hard
> to tell.

Not entirely sure if cinnamon should depend on the virtual
polkit-agent-1 package (keep in mind that e.g. gnome-shell provides
polkit-agent-1 and this is obviously not a working combination).

Instead, cinnamon should pick a specific (standalone) polkit-agent-1
implementation, which can be started under cinnamon.
Or as Simon already mentioned, implement its own PK agent directly in
the shell, as GNOME Shell does.

Regards,
Michael


Simon McVittie

Jun 24, 2021, 10:00:03 AM
On Thu, 24 Jun 2021 at 19:54:35 +0900, Norbert Preining wrote:
> > > Checking reverse dependencies...
> > > # Broken Depends:
> > > cinnamon: cinnamon
> > > cinnamon-control-center: cinnamon-control-center
>
> Hmmm, that **seems** to be a left-over from old times, as polkit-agent-1
> seems to be used - but as said, I am not using cinnamon anymore so hard
> to tell.

The build system for Cinnamon does check for polkit-agent-1.pc
(libpolkit-agent-1-dev), which is what Cinnamon would have to use if it
was implementing its own internal polkit agent like GNOME Shell does -
but as far as I can see, that's a leftover from older versions, and not
actually used for anything (since 2013).

smcv