By default, Bugzilla does not search the list of RESOLVED bugs.
You can force it to do so by putting the upper-case word ALL in front of your search query, e.g.: ALL tdelibs
We recommend searching for bugs this way, as you may discover that your bug has already been resolved and fixed in a later release.
Bug 2286 - Fedora 21: 'Keep password' check box is not available in tdesu dialog
Summary: Fedora 21: 'Keep password' check box is not available in tdesu dialog
Status: ASSIGNED
Alias: None
Product: TDE
Classification: Unclassified
Component: tdebase (show other bugs)
Version: R14.0.x [Trinity]
Hardware: Other Linux
: P5 normal
Assignee: Francois Andriot
URL:
Depends on:
Blocks:
 
Reported: 2014-12-29 19:27 CST by Darrell
Modified: 2018-05-27 10:48 CDT (History)
4 users (show)

See Also:
Compiler Version:
TDE Version String:
Application Version:
Application Name:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Darrell 2014-12-29 19:27:15 CST 
The 'Keep password' check box is not available in Fedora 21/R14. The check box is available in R14 in Slackware 14.1. I don't know whether the missing check box is related to pkexec, systemd, pamd etc. Slackware does not use those.
Comment 1 Francois Andriot 2014-12-31 04:39:21 CST 
Funny, I did not even know there was a "keep password" option in tdesu, because I've never seen it :-)

It looks like the checkbox is visible only if "tdesud" daemon is run with "setuid" bit.
Some the quick fix should be: chmod 2755 /opt/trinity/bin/tdesud


BTW:
There is some funny code in "tdebase/tdesu/tdesud/CMakeLists.txt" that runs chown/chmod commands to install the tdesud binary.
I think we should use the keyword "SETUID" in the "tde_add_executable" macro instead. There are other examples of setuid programs in tdebase (kcheckpass ...)

I also need to fix the SPEC file accordingly for RPM packages.
Comment 2 Francois Andriot 2014-12-31 04:46:56 CST 
To be more precise:
tdesud is supposed to be "setgid", not "setuid", and belonging to group "nobody".

I see this is disabled on purpose in RPM Spec file; now I think I remember this was disabled on purpose on Fedora because it was considered a security issue. 

Google gives some old discussions about it, e.g:
http://lists.kde.org/?l=kfm-devel&m=99284543029553&w=2

It's not just a matter of packaging after all.
Comment 3 Slávek Banko 2014-12-31 06:57:28 CST 
(In reply to Francois Andriot from comment #2)
> To be more precise:
> tdesud is supposed to be "setgid", not "setuid", and belonging to group
> "nobody".
> 
> I see this is disabled on purpose in RPM Spec file; now I think I remember
> this was disabled on purpose on Fedora because it was considered a security
> issue. 
> 
> Google gives some old discussions about it, e.g:
> http://lists.kde.org/?l=kfm-devel&m=99284543029553&w=2
> 
> It's not just a matter of packaging after all.

Thank you for the clarification of the reason for setgit + nogroup!
Comment 4 Darrell 2014-12-31 13:34:01 CST 
>tdesud is supposed to be "setgid", not "setuid", and belonging to group
>"nobody".
Okay, thank you. Manually updating does fix the problem. For now. How should this be addressed in the future? I am sure users who want this feature prefer not to have to manually fix this with with every release update.