[Bug 298217] Re: no second attempt and no feedback when wrong password entered

Timmmm 298217 at bugs.launchpad.net
Sun Sep 11 15:53:09 UTC 2011 

Wow, I can't believe this obvious (and surely easy to fix!) bug is still
not fixed! After having skimmed the libgksu code though, I'm not
surprised -- it does call-outs to the shell all over the place.
Obviously a very bad idea:

  tmp = g_strdup_printf ("%s list %s | "
                         "head -1 | awk '{ print $3 }'",
                         xauth_bin,
                         display);
  if ((xauth_output = popen (tmp, "r")) == NULL)

--------

      cmd[i] = g_strdup ("/bin/su"); i++;
      if (context->login_shell)
        {
          cmd[i] = g_strdup ("-"); i++;
        }
      cmd[i] = g_strdup (context->user); i++;
      if (context->keep_env)
        {
          cmd[i] = g_strdup ("-p"); i++;
        }
      cmd[i] = g_strdup ("-c"); i++;

      /* needs to get X authorization prior to running the program */
      cmd[i] = g_strdup_printf ("%s \"%s\"", auxcommand,
                                context->command); i++;

      cmd[i] = NULL;

      /* executes the command */
      if (execv (cmd[0], cmd) == -1)
        {
          fprintf (stderr,
                   "Unable to run /bin/su: %s",
                   strerror(errno));
        }

-----------

Such a terrible practice. When is someone going to write "exec()
considered harmful"?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/298217

Title:
  no second attempt and no feedback when wrong password entered

Status in “libgksu” package in Ubuntu:
  Confirmed
Status in “sudo” package in Ubuntu:
  Invalid
Status in “libgksu” source package in Lucid:
  Fix Released
Status in “sudo” source package in Lucid:
  Invalid
Status in “libgksu” source package in Maverick:
  Fix Released
Status in “sudo” source package in Maverick:
  Invalid
Status in “libgksu” source package in Natty:
  Confirmed
Status in “sudo” source package in Natty:
  Confirmed
Status in “libgksu” package in Debian:
  New

Bug description:
  When starting, for example, Synaptic Package Manager, the password
  dialog that is presented only allows one attempt. If the wrong
  password is entered, the dialog simply disappears, and nothing else
  happens. This is confusing, and also annoying, since I then have to go
  through the menus again to selecte Synaptic a second time.

  LAST TESTED: gksu 2.0.2-2ubuntu2 (10.04 LTS)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libgksu/+bug/298217/+subscriptions

More information about the foundations-bugs mailing list