Announcement

**Melcar** · May 26, 2022, 05:07 PM

Will try that when I fire up my machine this weekend. From what I gather that workaround is actually something you would want in terms of security.

Code:

> The issue can be worked around by adding /etc/sudoers.d/kdesu with the
> contents
>
> Defaults!/usr/lib/*/libexec/kf5/kdesu_stub !use_pty

Comment #13 on the KDE bug report:

My 2c is this is something that KDE *should* fix in kdesu because it means that kdesu has been taking advantage of an exploit in sudo for years, perhaps decades. Basically, it's the same mechanism that the CVE exploits, and that's not a good thing. To use a security hole for functionality sake, even if unknown at the time, is generally bad practice.

**acheron** · May 27, 2022, 05:30 AM

This is now fixed in Kinetic and backports PPA. Will try to get the fix into jammy main archive updates soon as well

**Snowhog** · May 27, 2022, 07:19 AM

Originally posted by acheron View Post

This is now fixed in Kinetic and backports PPA.

Removed the workaround (post #30) and activated the backports PPA. Over 300+ updated packages, and afterwards, the password is accepted in Muon Package Manager when accessing Configure Software Sources. Life is good.

**Melcar** · May 28, 2022, 08:24 AM

I can confirm this is fixed with the latest backports update. After the update a new file is created in /etc/sudoers.d (which is basically what the posted workaround instructs to do). All affected applications seem to work with no issues.

**Snowhog** · May 28, 2022, 08:57 AM

Originally posted by acheron View Post

This is now fixed in Kinetic and backports PPA

"Fixed". The fix merely incorporates the 'workaround' you identified in the bug report. Is a 'workaround' really a 'fix'? Is the underlying issue (
"It appears that kdesu fails to cope with the sudo config CVE fix in this commit: https://salsa.debian.org/sudo-team/s...9f2562e7f3d751") going to be addressed?

**NoWorries** · May 29, 2022, 05:56 AM

I am having the same problem on Kinetic 22.10 with muon not showing the Main Toolbar with Settings and I have found that /etc/sudoers.d/kdesu-sudoers has the contents

Code:

Defaults!/usr/lib/*/libexec/kf5/kdesu_stub !use_pty

I copied this file to kdesu and muon still does not allow Settings to be accessed. I only get the Main Toolbar with Settings by doing sudo muon.

**walfin** · Jun 05, 2022, 08:25 AM

I have a fresh install and am also facing this bug. Jammy is the 1st time I'm getting this and I've never had this before (believe previously it was always using pkexec and not kdesu). I've been a kubuntu user for more than 10 years.

**daemon** · Jul 08, 2022, 04:53 AM

Same problem here + more irrelevant to this. Abysmal QA. As cool as KDE and Kubuntu are, I wonder why they include software that they are not able or care to test? It would be better to just release a minimal desktop that works 99.999% and leave all other untested / unmaintained software out of the default install.

Update - So I added the backports ppa and did an update and upgrade and at least this issue is now fixed. However I am not happy at all. Because now I became subject to all the continuously evolving changes of packages - including disruptive UI and end user changes in general. This is not LTS!

**walfin** · Jul 15, 2022, 09:40 PM

Why is muon unmaintained? It is very useful in some ways as Discover does not have the same functionality e.g. apt-purge, installing dev libraries and various specific packages, etc.

**walfin** · Jul 15, 2022, 09:41 PM

Confirmed, solution here working: https://bugs.debian.org/cgi-bin/bugr...gi?bug=1011624

Kindly patch upstream.

Announcement

Password issue with Muon Package Manager

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment