webcamoid
webcamoid copied to clipboard
webcamoid
webcamoid 9.0.0 cant add virtual camera using pkexec
[00007f96f0c822b0] main decoder error: failed to create video output
[2022-04-13 11:03:36.017, Webcamoid, 0x7f974b9f27c0, (0)] debug: pkexec --version |
--help |
--disable-internal-agent |
[--user username] PROGRAM [ARGUMENTS...]
See the pkexec manual page for more details.
App: webcamoid-portable-linux-9.0.0-x86_64 OS: Ubuntu 20.04 pkexec version 0.105
previous version (8.6.1) works fine with it. fount same error: https://www.mail-archive.com/[email protected]/msg1845604.html
@hipersayanX
$ echo "echo Hello world" | pkexec
pkexec --version |
--help |
--disable-internal-agent |
[--user username] PROGRAM [ARGUMENTS...]
See the pkexec manual page for more details.
Ok, passing the commands through the stdin works perfectly fine in Arch, doesn't work in Debian derivatives, I can then write the commands to a script fine, but then Debian users will be exposed to a security risk, I can then maybe write a command just for updating the virtual camera settings and call it with pkexec, but don't expect it until maybe hopefully next year because there are no other developers working on the project. What should I do then? :angry:
In the meantime is there a way we can create the virtual camera by hand? I was poking around in the source but I'm not nearly smart enough to figure that out. Otherwise for many this will be useless until it's resolved.
Ok, the solution was a lot much simpler than I've thought in the beginning. Its just calling
echo "echo Hello world" | pkexec /bin/sh
pkexec in Arch called /bin/sh by default.
echo "echo Hello world" | pkexec /bin/sh
Hello world
works fine! @hipersayanX
This issue needs addressing. Firstly, let me explain the difference between pkexec behaviour in Debian (and derivatives like Ubuntu) versus the PolicyKit/polkit project upstream (which Arch and some others follow).
Debian ceased tracking upstream PolicyKit some time (2013) ago when the project decided to change the configuration system to use executable Javascript code and to bundle Mozilla's SpiderMonkey Javascript engine into polkit. As you can imagine SpiderMonkey is a large body of code.
Debian maintainers were unhappy that the most vital security tooling (polkit) had a dependency on SpiderMonkey due to its complexity and the expectation that it is very likely to suffer bugs that could allow a system to be compromised. As a result Debian effectively forked and froze polkit before upstream added SpiderMonkey at version 0.105 whilst back-porting upstream changes that don't involve the Javascript configuration system.
Other distributions also have concerns about depending on SpiderMonkey (Gentoo bug, forum, Solus, NixOS).
In pre-SpiderMonkey PolicyKit if you wanted to execute a shell script you must specifically write the complete command-line argument that way, e.g. pkexec /usr/bin/bash -c 'echo hello' not pkexec echo hello.
In upstream polkit, if the command line arguments passed to pkexec are empty it obtains the path to the correct shell to use from the user's shell field in passwd. This was added in 2014.
The solution here is to always use @hipersayanX's suggestion above:
su.start(sudoBin, QStringList {"/bin/sh"});
It should be safe to do this across the entire range of (Unix-like) platforms (GNU/Linux, Android, Mac) since even if the target uses upstream polkit the command will work correctly.
I recommend we adopt this since it won't cause regressions for systems using upstream polkit but it will solve the issue for users of Debian, Ubuntu and their derivatives.
@iam-TJ I usually prefer distros to follow upstream, but looking at your explanation, they are actually right. Anyway it was not a big deal to fix that.