#807399 libkf5su-bin: kdesud not group suid and owned by root (instead of nobody)

Package:
libkf5su-bin
Source:
kdesu
Description:
runtime files for kdesu
Submitter:
Martin Graesslin
Date:
2025-04-17 17:36:02 UTC
Severity:
important
Tags:
#807399#5
Date:
2015-12-08 12:22:23 UTC
From:
To:
Dear Maintainer,

I noticed that the file
/usr/lib/x86_64-linux-gnu/libexec/kf5/kdesud

is group owned by "root" and not group suid.

Given the CMake snippet from the source package:
install(TARGETS kdesud DESTINATION ${KDE_INSTALL_LIBEXECDIR_KF5})
install(CODE "
    set(KDESUD_PATH \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_LIBEXECDIR_KF5}/kdesud\")
    execute_process(COMMAND sh -c \"chgrp nogroup '\${KDESUD_PATH}' && chmod g+s '\${KDESUD_PATH}'\")
")

Without being suid for group the kdesud process is rather useless as kdesu from
kde-cli-tools reports:

kdesu(2626)/(org.kde.kdesu) startApp: Daemon not safe (not sgid), not using it.

Best Regards,
Martin Gräßlin

#807399#10
Date:
2015-12-08 14:36:12 UTC
From:
To:
¡Hola Martin!

El 2015-12-08 a las 13:22 +0100, Martin Graesslin escribió:

The permissions set by cmake are later tweaked in the package build process. I
don't see any "gain" gaining the nogroup group as suggests the previous
snippet. Is this to be able to write to global directory? If so, we would need
to create a specific group.

#807399#15
Date:
2015-12-08 15:35:55 UTC
From:
To:
I don't know why the nogroup is set. On my quick view I didn't see any reason
for it.

I guess only svn history might tell us ;-)

Cheers
Martin

#807399#20
Date:
2016-02-21 07:36:56 UTC
From:
To:
Control: forwarded -1 https://bugs.kde.org/show_bug.cgi?id=359621

I couldn't find any good reason for this, so I created https://bugs.kde.org/
show_bug.cgi?id=359621 upstream.

Happy hacking,