[Musix-usuarios] Musix BR: problema con dcopserver

Marcos Guglielmetti marcospcmusica en gmail.com
Dom Mar 30 17:44:48 CEST 2008


http://www.musix.org.ar/wiki/index.php?title=MusixBr-dcopserver-problema

El Domingo, 30 de Marzo de 2008 16:41, Gilberto Borges escribió:
 | > PD: aún tengo que testear Musix br para ver de
 | > solucionar el caso del
 | >
 | > > usuario común y KDE,
 |
 | He probado Musix-Br? Hasta ahora no he recibido
 | ninguno reporte.

Gilberto: ¿has cambiado algunas propiedades de archivos kdeinit* 
dentro de /usr/bin o /bin que te parece que puedan ocasionar esto?


Por ahora probé el CD de Musix BR y vi lo mismo que vos contabas. 
Traté de tirar algunos comandos para obtener respuestas más claras


"dcopserver
/usr/bin/iceauth:  /home/knoppix/.ICEauthority not writable, changes 
will be ignored
/usr/bin/iceauth:  /home/knoppix/.ICEauthority not writable, changes 
ignored
DCOPClient::attachInternal. Attach failed Authentication Rejected, 
reason : None of the authentication protocols specified are supported 
and host-based authentication failed
ICE Connection rejected!

DCOPClient::attachInternal. Attach failed Authentication Rejected, 
reason : None of the authentication protocols specified are supported 
and host-based authentication failed
DCOPServer self-test failed.
ICE Connection rejected!

iceauth:  /home/knoppix/.ICEauthority not writable, changes will be 
ignored






resetkdeapps.sh
Matando proceso kded incluso desde un usuario sudoer
Procesos en memoria con el nombre kded:
 4201 ?        00:00:00 kded
Materemos kded
Matando kded de todas las formas posibles! - Intento 1
No existen m�s procesos en memoria con el nombre kded
La operaci�n fue un �xito!

(process:4228): Gtk-WARNING **: This process is currently running 
setuid or setgid.
This is not a supported use of GTK+. You must create a helper
program instead. For further details, see:

    http://www.gtk.org/setuid.html

Refusing to initialize GTK+.
bash-3.1$ ls -lah /bin/resetkdeapps.sh
-rwxr-xr-x 1 root root 1006 2007-12-13 11:25 /bin/resetkdeapps.sh
"




Buscando "ICEauthority not writable, changes will be ignored" en 
Google encuentro 60 resultados, el primero es este

http://lists.kde.org/?l=kde-core-devel&m=116181200904533&w=2

Cuenta el mismo problema que tenemos acá en Musix BR



"List:       kde-core-devel
Subject:    kde 3.5.5 kdeinit setuid is always enabled?
From:       "Benjamin Reed" <rangerrick () gmail ! com>
Date:       2006-10-25 21:33:00
Message-ID: 57eba2250610251433t876847bn9fdcef689acbe346 () mail ! 
gmail ! com
[Download message RAW]

I'm not sure why this wouldn't be happening everywhere, but the new
setuid kdeinit stuff causes my ~/.ICEauthority file to be created
owned by root, which subsequently causes authentication errors and kde
fails to start:

---(snip!)---
xset:  bad font path element (#87), possible causes are:
    Directory does not exist or has wrong permissions
    Directory missing fonts.dir
    Incorrect font server address or syntax
xset:  bad font path element (#87), possible causes are:
    Directory does not exist or has wrong permissions
    Directory missing fonts.dir
    Incorrect font server address or syntax
startkde: Starting up...
kdeinit: Launched DCOPServer, pid = 12225 result = 0
DCOPClient::attachInternal. Attach failed Authentication Rejected,
reason : None of the authentication protocols specified are supported
and host-based authentication failed
ICE Connection rejected!

DCOPClient::attachInternal. Attach failed Authentication Rejected,
reason : None of the authentication protocols specified are supported
and host-based authentication failed
DCOPServer self-test failed.
iceauth:  /Users/ranger/.ICEauthority not writable, changes will be 
ignored
iceauth:  /Users/ranger/.ICEauthority not writable, changes ignored
kdeinit: DCOPServer could not be started, aborting.
ICE Connection rejected!

DCOPServer : slotShutdown() -> waiting for clients to disconnect.
DCOPServer : slotExit() -> exit.
Warning: connect() failed: : Permission denied
The following installation problem was detected
while trying to start KDE:

    No write access to '/Users/ranger/.ICEauthority'.

KDE is unable to start.
startkde: Could not start ksmserver. Check your installation.
ERROR: Couldn't attach to DCOP server!
startkde: Shutting down...
Warning: connect() failed: : Permission denied
Error: Can't contact kdeinit!
startkde: Running shutdown scripts...
startkde: Done.
---(snip!)---

now, according to configure.log it says it's not going to make it 
setuid:

---(snip!)---
checking whether to make kdeinit setuid root in order to protect it
from bad Linux OOM-killer... no
---(snip!)---

...and the Makefile.am *thinks* it's only supposed to do the setuid if
that says "yes":

---(snip!)---
if KDEINIT_SETUID
# start_kdeinit needs to be installed setuid root on Linux
install-exec-hook:
        @(chown 0 $(DESTDIR)$(bindir)/start_kdeinit && chmod 4755
$(DESTDIR)$(bindir)/start_kdeinit) || echo "Please make start_kdeinit
setuid root" >&2
        @echo ""
        @echo "start_kdeinit is by default installed on Linux with a
set SETUID root bit!"
        @echo "This is needed to prevent kdeinit from being killed by
a bad heuristic in the OOM-killer when running out of memory."
        @echo ""
endif
---(snip!)---

...but going by the install output, it's getting enabled anyways:

---(snip!)---
cd ./kdesu/ && /sw/share/unsermake/unsermake install-data-hook
99%
kgrantpty is by default installed with a set SETUID root bit!
This is needed for konsole, etc. to ensure that they can't be 
eavesdropped.

cd ./kdecore/ && /sw/share/unsermake/unsermake install-exec-hook
99%
start_kdeinit is by default installed on Linux with a set SETUID root 
bit!
This is needed to prevent kdeinit from being killed by a bad heuristic
in the OOM-killer when running out of memory.

cd ./kinit/ && /sw/share/unsermake/unsermake install-exec-hook
---(snip!)---

I can fix it manually for OSX now, but I wouldn't be surprised if this
bites someone else as well...
[prev in list] [next in list] [prev in thread] [next in thread] 


Configure | The K Desktop Environment home page | Other List Archives 
at MARC "




Y luego de otros mails alguien responde:



List:       kde-core-devel
Subject:    Re: kde 3.5.5 kdeinit setuid is always enabled?
From:       Dirk Mueller <mueller () kde ! org>
Date:       2006-10-26 6:07:33
Message-ID: 200610260807.33833.mueller () kde ! org
[Download message RAW]

On Wednesday 25 October 2006 23:33, Benjamin Reed wrote:

> I'm not sure why this wouldn't be happening everywhere, but the new
> setuid kdeinit stuff causes my ~/.ICEauthority file to be created
> owned by root, which subsequently causes authentication errors and 
kde
> fails to start:

Arrrrghhhhh. Yet another security vulnerability thanks to some stupid 
broken 
hack. 

Please try if r599168 or newer fixes it for you. 


Dirk
[prev in list] [next in list] [prev in thread] [next in thread] 



On 10/26/06, Dirk Mueller <mueller en kde.org> wrote:

> Please try if r599168 or newer fixes it for you.

yup, works for me



Es decir que probaron algún release, supongo, llamado r599168 y 
funcionó.




Nuevamente buscando en Google

http://www.kde.org/announcements/changelogs/3_5_6/kdelibs.txt


2006-10-26 05:37 +0000 [r599168]  mueller

	* branches/KDE/3.5/kdelibs/kinit/Makefile.am,
	  branches/KDE/3.5/kdelibs/kinit/configure.in.in: don't install
	  start_kdeinit suid root on non-linux


Pero ese es un parche para kde corriendo en sistemas no linux. De 
hecho el primer usuario hablaba de Mac OSX

Supongo que hay algún problema con las propiededes kdeinit

En mi sistema normal, instalado desde DVD, esto está así

ls -lah /usr/bin/kdeinit*
-rwxr-xr-x 1 root root  43K 2007-11-14 11:43 /usr/bin/kdeinit
-rwxr-xr-x 1 root root 9,7K 2007-11-14 11:43 /usr/bin/kdeinit_shutdown
-rwxr-xr-x 1 root root 9,7K 2007-11-14 11:43 /usr/bin/kdeinit_wrapper



reinicio y veo



Más información sobre la lista de distribución Musix-usuarios