Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-10-11 11:28:33 -04:00
Code Issues Projects Releases Packages Wiki Activity

fix xfce4-power-manager xfpm-power-backlight-helper pkexec lxsudo popup

Browse source 
https://forums.whonix.org/t/xfce4-power-manager-xfpm-power-backlight-helper-pkexec-lxsudo-popup/8764

do show lxqt-sudo password prompt if there is a sudoers exceptoin

improved pkexec wrapper logging
This commit is contained in:
Patrick Schleizer 2020-01-15 02:42:10 -05:00
parent d90ca4b1ad
commit 80159545a5
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
4 changed files with 72 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

11
etc/sudoers.d/pkexec-security-misc Normal file
View file

@ -0,0 +1,11 @@
## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
## REVIEW: is it ok that users can find out the PATH setting of root?
%sudo ALL=NOPASSWD: /usr/lib/security-misc/echo-path
## xfpm-power-backlight-helper demands environment variable PKEXEC_UID to be
## set. Would otherwise error out with the following error message:
## "This program must only be run through pkexec"
## REVIEW: Can bad things be done by spoofing PKEXEC_UID?
Defaults:ALL env_keep += "PKEXEC_UID"

2
etc/sudoers.d/security-misc
View file

@ -3,5 +3,3 @@
user ALL=NOPASSWD: /usr/lib/security-misc/panic-on-oops
%sudo ALL=NOPASSWD: /usr/lib/security-misc/panic-on-oops
%sudo ALL=NOPASSWD: /usr/lib/security-misc/echo-path

19
etc/sudoers.d/xfce-security-misc Normal file
View file

@ -0,0 +1,19 @@
## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
## https://forums.whonix.org/t/xfce4-power-manager-xfpm-power-backlight-helper-pkexec-lxsudo-popup/8764
## /usr/share/polkit-1/actions/org.xfce.power.policy
## Feel free to out comment this if you are not using xfce4-power-manager or XFCE.
%sudo ALL=NOPASSWD: /usr/sbin/xfpm-power-backlight-helper --set-brightness [[\:digit\:]]
%sudo ALL=NOPASSWD: /usr/sbin/xfpm-power-backlight-helper --set-brightness [[\:digit\:]][[\:digit\:]]
%sudo ALL=NOPASSWD: /usr/sbin/xfpm-power-backlight-helper --set-brightness [[\:digit\:]][[\:digit\:]][[\:digit\:]]
%sudo ALL=NOPASSWD: /usr/sbin/xfpm-power-backlight-helper --set-brightness-switch [[\:digit\:]]
%sudo ALL=NOPASSWD: /usr/sbin/xfpm-power-backlight-helper --set-brightness-switch [[\:digit\:]][[\:digit\:]]
%sudo ALL=NOPASSWD: /usr/sbin/xfpm-power-backlight-helper --set-brightness-switch [[\:digit\:]][[\:digit\:]][[\:digit\:]]
## XXX: Should we allow this?
#%sudo ALL=NOPASSWD: /usr/sbin/xfce4-pm-helper --suspend
#%sudo ALL=NOPASSWD: /usr/sbin/xfce4-pm-helper --hibernate