[SRU] Add -E support to lxqt-sudo
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| lxqt-sudo (Ubuntu) | Status tracked in Mantic | |||||
| Jammy |
Fix Committed
|
Medium
|
Simon Quigley | |||
| Lunar |
Fix Committed
|
Medium
|
Simon Quigley | |||
| Mantic |
Fix Committed
|
Medium
|
Simon Quigley | |||
Bug Description
[ Impact ]
LXQt Sudo is a tool used by the Lubuntu desktop to authorize applications requiring escalated privileges. While presenting a graphical prompt (making it useful for graphical applications), it uses sudo/su/etc. on the backend to actually honor that request.
It recently came to my attention during the review process for bug 2038958 that lxqt-sudo does not pass enough environment variables. Rather than taking the approach of replacing that command with pksudo (or even a direct sudo), this adds a feature to LXQt Sudo allowing those environment variables to pass through. As a simple, opt-in command line option, this will not affect existing users who don't know about it.
I've submitted the patch upstream for review. As is usual when I submit patches, it'll probably be rejected, and we'll keep it as a vendor patch anyway. https:/
[ Test Plan ]
* Launch QTerminal.
* Run `lxqt-sudo qterminal` (or some other graphical app)
- No XDG-specific environment variables will be present when running `env`
* Run `lxqt-sudo -E qterminal`
- When running `env`, all environment variables present for the user should now be present on that child process.
Both of those commands should run without issue.
[ Where problems could occur ]
* If lubuntu-
* If someone calls lxqt-sudo ARGS COMMAND when they really meant lxqt-sudo COMMAND ARGS, they could trigger this on accident. This scenario is unlikely.
* As noted in some of the code comments on the file already, some applications will break when ran with this. That being said, they're accepting the same risk they would otherwise with `sudo -E`, so this is more of a calibration in user expectations than it is a bug.
* If Qt behavior changes drastically, or its underpinnings, the environment variables have the potential not to be read.
[ Other Info ]
In case you're wondering why -E isn't passed through *directly* to sudo (or similar), it's because the environment variables are being read into an array anyway, for string escaping and such. (I'd just like to keep the impact of this change low.)
| Changed in lxqt-sudo (Ubuntu Jammy): | |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| Changed in lxqt-sudo (Ubuntu Lunar): | |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| Changed in lxqt-sudo (Ubuntu Mantic): | |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| importance: | Undecided → Medium |
| Changed in lxqt-sudo (Ubuntu Lunar): | |
| importance: | Undecided → Medium |
| Changed in lxqt-sudo (Ubuntu Jammy): | |
| importance: | Undecided → Medium |
| status: | New → In Progress |
| Changed in lxqt-sudo (Ubuntu Lunar): | |
| status: | New → In Progress |
| Changed in lxqt-sudo (Ubuntu Mantic): | |
| status: | New → In Progress |
| Steve Langasek (vorlon) wrote Please test proposed package | #1 |
| Changed in lxqt-sudo (Ubuntu Lunar): | |
| status: | In Progress → Fix Committed |
| tags: | added: verification-needed verification-needed-lunar |
| Changed in lxqt-sudo (Ubuntu Mantic): | |
| status: | In Progress → Fix Committed |
| Changed in lxqt-sudo (Ubuntu Jammy): | |
| status: | In Progress → Fix Committed |
| tags: | added: verification-needed-jammy |
| Steve Langasek (vorlon) wrote | #2 |
Hello Simon, or anyone else affected,
Accepted lxqt-sudo into lunar-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-
Further information regarding the verification process can be found at https:/
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.