mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-10-01 08:25:45 -04:00
98 lines
2.6 KiB
Bash
Executable File
98 lines
2.6 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
|
|
## See the file COPYING for copying conditions.
|
|
|
|
## Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with
|
|
## hidepid.
|
|
## * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860040
|
|
## * https://forums.whonix.org/t/cannot-use-pkexec/8129
|
|
|
|
set -e
|
|
|
|
my_pstree="$(pstree -p $$)" || true
|
|
echo "my_pstree: '$my_pstree' | $0 $@" | systemd-cat --identifier="$0" || true
|
|
|
|
## If hidepid is not in use, just use pkexec normally.
|
|
if ! mount | grep "/proc" | grep "hidepid=2" &>/dev/null ; then
|
|
pkexec.security-misc-orig "$@"
|
|
exit $?
|
|
fi
|
|
|
|
## Prefer lxqt-sudo.
|
|
use_sudo=false
|
|
|
|
original_args="$@"
|
|
|
|
## Thanks to:
|
|
## http://mywiki.wooledge.org/BashFAQ/035
|
|
|
|
while :
|
|
do
|
|
case $1 in
|
|
## Should show 'pkexec --version' or fail?
|
|
--version)
|
|
shift
|
|
pkexec.security-misc-orig "$original_args"
|
|
exit $?
|
|
;;
|
|
## Should show 'pkexec --help' or fail?
|
|
--help)
|
|
shift
|
|
pkexec.security-misc-orig "$original_args"
|
|
exit $?
|
|
;;
|
|
## Drop --disable-internal-agent as not needed and breaking both,
|
|
## lxqt-sudo and sudo.
|
|
--disable-internal-agent)
|
|
shift
|
|
;;
|
|
--user)
|
|
## lxqt-sudo does not support "--user".
|
|
## We should not make this wrapper run something as root which
|
|
## is supposed to run under a different user. Try using
|
|
## "sudo -A --user user --set-home" instead.
|
|
user_pkexec_wrapper="$2"
|
|
if [ "$user_pkexec_wrapper" = "" ]; then
|
|
shift
|
|
else
|
|
shift 2
|
|
fi
|
|
use_sudo=true
|
|
;;
|
|
--)
|
|
shift
|
|
break
|
|
;;
|
|
*)
|
|
break
|
|
;;
|
|
esac
|
|
done
|
|
|
|
## If there are input files (for example) that follow the options, they
|
|
## will remain in the "$@" positional parameters.
|
|
|
|
if [[ "$@" = "" ]]; then
|
|
## Call original pkexec in case there are no arguments.
|
|
pkexec.security-misc-orig $original_args
|
|
exit $?
|
|
fi
|
|
|
|
## set PATH same as root
|
|
## This is required for gdebi.
|
|
## REVIEW: is it ok that users can find out the PATH setting of root?
|
|
PATH="$(sudo --non-interactive /usr/lib/security-misc/echo-path)"
|
|
export PATH
|
|
|
|
exit_code=0
|
|
if [ "$use_sudo" = "true" ]; then
|
|
lxqt-sudo sudo --user "$user_pkexec_wrapper" --set-home "$@" || { exit_code=$? ; true; };
|
|
else
|
|
lxqt-sudo "$@" || { exit_code=$? ; true; };
|
|
fi
|
|
|
|
echo "exit_code: '$exit_code'" | systemd-cat --identifier="$0" || true
|
|
|
|
exit "$exit_code"
|