Packages

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Security Issue
  • Category Any
  • Assigned To No-one
  • Operating System All
  • Severity Critical
  • Priority Very Low
  • Reported Version Any
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Packages
Opened by winter - 28/09/2018
Last edited by André Silva - 30/09/2018

FS#1208 - [octopi] requires su

would it be possible to make it use sudo instead?

From what I know, sudo is safer. Let me know if you agree this is a problem.

fablamar commented on 29.09.2018 10:00

You need to configure gksu-properties I think.
Open a terminal and type :

gksu-properties

then pick "sudo" instead of "su" in the menu.
Now octopi should ask for sudo password.

By the way ! There is a huge privacy issue in octopi.
In Tools, there is this stuff : Sysinfo → ptpb.pw

which uploads system information to this server "ptpb.pw" without confirmation or anything.. This should be either removed or at least a confirmation prompt should exist.

fablamar commented on 29.09.2018 10:38

According to the octopi source code :

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255: QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/?u=1", tempFile→fileName());
256: return ptpb;

It uploads system log through : curl -F c=@- https://ptpb.pw/?u=1

As you can read on https://ptpb.pw/#id7

It returns only the url without "uuid" so you can't delete the uploaded log.. like this for example :

curl -X DELETE https://ptpb.pw/17c5829d-81a0-4eb6-8681-ba72f83ffbf3

fablamar commented on 29.09.2018 10:47

I opened a bug for this particular issue.

fablamar commented on 29.09.2018 11:09

With gksu-properties

setting sudo instead of su is not enough unfortunately.

I think being able to selet "gksudo" in octopi menu : Tools > Options > SU Tool should solve the issue but for some reason, I can only select the following methods :

automatic
gksu

So the issue is still present.

winter commented on 30.09.2018 00:31

"You need to configure gksu-properties I think.
Open a terminal and type :

gksu-properties

then pick "sudo" instead of "su" in the menu.
Now octopi should ask for sudo password.

By the way ! There is a huge privacy issue in octopi.
In Tools, there is this stuff : Sysinfo → ptpb.pw

which uploads system information to this server "ptpb.pw" without confirmation or anything.. This should be either removed or at least a confirmation prompt should exist."

This helps. But shouldn't it be this way by default?

Date User Effort (H:M)

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing