Packages

  • Status Closed
  • Percent Complete
    100%
  • Task Type Security Issue
  • Category Any
  • Assigned To
    Tobias Dausend
  • Operating System All
  • Severity High
  • Priority Very Low
  • Reported Version Any
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Packages
Opened by winter - 28/09/2018
Last edited by Tobias Dausend - 22/01/2022

FS#1208 - [octopi] requires su

would it be possible to make it use sudo instead?

From what I know, sudo is safer. Let me know if you agree this is a problem.

Closed by  Tobias Dausend
22.01.2022 04:14
Reason for closing:  Won't fix
Additional comments about closing:  

Due to raised incompatible API-calls with our version of pacman (hyperman) and the one Arch Linux is providing we cannot provide the package octopi and therefore any further issue combined towards that is not solvable for now. If you have more information for us to support, please open a new issue providing them.

fablamar commented on 29.09.2018 10:00

You need to configure gksu-properties I think.
Open a terminal and type :

gksu-properties

then pick "sudo" instead of "su" in the menu.
Now octopi should ask for sudo password.

By the way ! There is a huge privacy issue in octopi.
In Tools, there is this stuff : Sysinfo → ptpb.pw

which uploads system information to this server "ptpb.pw" without confirmation or anything.. This should be either removed or at least a confirmation prompt should exist.

fablamar commented on 29.09.2018 10:38

According to the octopi source code :

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255: QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/?u=1", tempFile→fileName());
256: return ptpb;

It uploads system log through : curl -F c=@- https://ptpb.pw/?u=1

As you can read on https://ptpb.pw/#id7

It returns only the url without "uuid" so you can't delete the uploaded log.. like this for example :

curl -X DELETE https://ptpb.pw/17c5829d-81a0-4eb6-8681-ba72f83ffbf3

fablamar commented on 29.09.2018 10:47

I opened a bug for this particular issue.

fablamar commented on 29.09.2018 11:09

With gksu-properties

setting sudo instead of su is not enough unfortunately.

I think being able to selet "gksudo" in octopi menu : Tools > Options > SU Tool should solve the issue but for some reason, I can only select the following methods :

automatic
gksu

So the issue is still present.

winter commented on 30.09.2018 00:31

"You need to configure gksu-properties I think.
Open a terminal and type :

gksu-properties

then pick "sudo" instead of "su" in the menu.
Now octopi should ask for sudo password.

By the way ! There is a huge privacy issue in octopi.
In Tools, there is this stuff : Sysinfo → ptpb.pw

which uploads system information to this server "ptpb.pw" without confirmation or anything.. This should be either removed or at least a confirmation prompt should exist."

This helps. But shouldn't it be this way by default?

Date User Effort (H:M)

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing