- Status Closed
- Percent Complete
- Task Type Security Issue
- Category Any
-
Assigned To
tobias - Operating System All
- Severity High
- Priority Very Low
- Reported Version Any
- Due in Version Undecided
-
Due Date
Undecided
- Votes
- Private
FS#1208 - [octopi] requires su
would it be possible to make it use sudo instead?
From what I know, sudo is safer. Let me know if you agree this is a problem.
Closed by tobias
22.01.2022 04:14
Reason for closing: Won't fix
Additional comments about closing:
22.01.2022 04:14
Reason for closing: Won't fix
Additional comments about closing:
Due to raised incompatible API-calls with our
version of pacman (hyperman) and the one
Arch Linux is providing we cannot
provide the package octopi and therefore
any further issue combined towards that
is not solvable for now. If you have
more information for us to support,
please open a new issue providing
them.
Loading...
Available keyboard shortcuts
- Alt + ⇧ Shift + l Login Dialog / Logout
- Alt + ⇧ Shift + a Add new task
- Alt + ⇧ Shift + m My searches
- Alt + ⇧ Shift + t focus taskid search
Tasklist
- o open selected task
- j move cursor down
- k move cursor up
Task Details
- n Next task
- p Previous task
- Alt + ⇧ Shift + e ↵ Enter Edit this task
- Alt + ⇧ Shift + w watch task
- Alt + ⇧ Shift + y Close Task
Task Editing
- Alt + ⇧ Shift + s save task
You need to configure gksu-properties I think.
Open a terminal and type :
gksu-properties
then pick "sudo" instead of "su" in the menu.
Now octopi should ask for sudo password.
By the way ! There is a huge privacy issue in octopi.
In Tools, there is this stuff : Sysinfo → ptpb.pw
which uploads system information to this server "ptpb.pw" without confirmation or anything.. This should be either removed or at least a confirmation prompt should exist.
According to the octopi source code :
src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255: QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/?u=1", tempFile→fileName());
256: return ptpb;
It uploads system log through : curl -F c=@- https://ptpb.pw/?u=1
As you can read on https://ptpb.pw/#id7
It returns only the url without "uuid" so you can't delete the uploaded log.. like this for example :
curl -X DELETE https://ptpb.pw/17c5829d-81a0-4eb6-8681-ba72f83ffbf3
I opened a bug for this particular issue.
With gksu-properties
setting sudo instead of su is not enough unfortunately.
I think being able to selet "gksudo" in octopi menu : Tools > Options > SU Tool should solve the issue but for some reason, I can only select the following methods :
automatic
gksu
So the issue is still present.
"You need to configure gksu-properties I think.
Open a terminal and type :
gksu-properties
then pick "sudo" instead of "su" in the menu.
Now octopi should ask for sudo password.
By the way ! There is a huge privacy issue in octopi.
In Tools, there is this stuff : Sysinfo → ptpb.pw
which uploads system information to this server "ptpb.pw" without confirmation or anything.. This should be either removed or at least a confirmation prompt should exist."
This helps. But shouldn't it be this way by default?