This repository has been archived by the owner on Oct 22, 2021. It is now read-only.

Not listing #800

Closed
2 of 9 tasks
Techno-Fox opened this issue Nov 1, 2020 · 5 comments

Comments

@Techno-Fox

Technical information

Using version:

  • master (running from GitHub-published source code, currently v3.0.0-pre)
  • [x] latest (latest release, currently v2.2.2)
  • vX.X.X (specify other version)

Running on:

  • Linux
  • Windows
  • macOS

How comfortable you are with your system and/or IT in general:

  • I'm kind of lost, honestly
  • I know what's up, I could help you run some commands or checks
  • My machine is fully under my control, tell me what you need
  • I attended Defcon last year

Problem

I was playing around a bit, and I found some interesting problems.
The first being that when I go from a normal user shell to a root shell (su - or sudo -i), the File Browser doesn't follow. It instead just displays the last directory that the user shell had. However, I can go to show disks, go to my root directory and even read files from my root directory as a normal user from the File Browser (Security bug?).

In short: File Browser can enter the root directory and read root files as a normal user, but doesn't follow when I elevate the user shell to a root shell.

@GitSquared
Owner

GitSquared commented Nov 1, 2020

The concept of "elevating" the shell is an approximation, what you're really doing is creating a sub shell with different process permissions. eDEX can't track that and instead keeps following the parent shell which obv doesn't move anymore, since you're not interacting with it.
This is also why when you exit your elevated shell you drop back to the previous, normal user one.

Regarding the possible security issue, I take these matters very seriously, so I tried to reproduce the bug...

So, in clockwise order if you're reading this on desktop, clicking the "root" folder in the filesystem display executes a cd command in your shell (because the eDEX widget follows your shell, so it's basically just a shortcut for writing cd commands yourself...).
That command fails since I'm logged in as a normal user with no read perms on /root.

Second screenshot, I thought maybe you somehow got the widget to follow your elevated shell, so I explicitly made it try to read /root. It failed, and, third screenshot, the whole widget crashed.

Please double-check the permissions on your root folder. You should see drwxr-x--- on the root folder if you ls -al /.
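To make the two points above concrete (each process has its own working directory, so a root subshell's cwd is invisible to a tracker following the parent shell, and /root should carry no "other" permission bits), here is an added example that is not eDEX's code; it assumes a Linux /proc filesystem:

```python
import os
import stat
import subprocess


def cwd_of(pid: int):
    """Working directory of a process, read from /proc/<pid>/cwd.

    A root subshell started with `su -` or `sudo -i` is a separate process
    with its own cwd; the parent user shell never changes directory.  The
    kernel refuses to resolve the cwd link of a process owned by another
    user, so a normal-user tracker gets None for the root shell even if it
    knew its pid.  None is also returned when the process no longer exists.
    """
    try:
        return os.readlink(f"/proc/{pid}/cwd")
    except (PermissionError, FileNotFoundError):
        return None


def subshell_cwd(directory: str):
    """Spawn a child process whose cwd differs from ours and report its cwd.

    Constructed demonstration: `sleep` stands in for the elevated subshell.
    """
    child = subprocess.Popen(["sleep", "30"], cwd=directory)
    try:
        return cwd_of(child.pid)
    finally:
        child.kill()
        child.wait()


def mode_string(path: str) -> str:
    """ls -l style mode string, e.g. 'drwxr-x---' for a private /root."""
    return stat.filemode(os.lstat(path).st_mode)


def world_accessible(path: str) -> bool:
    """True if 'other' users hold any r/w/x bit on path.

    drwxr-x--- on /root is expected; drwxr-xr-x lets every local user list
    and enter it, which is what the report above observed.
    """
    other_bits = stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH
    return os.lstat(path).st_mode & other_bits != 0


if __name__ == "__main__":
    print("this shell's cwd:", cwd_of(os.getpid()))
    print("child's cwd:     ", subshell_cwd("/tmp"))
    print("/root is", mode_string("/root"), "world accessible:", world_accessible("/root"))
```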

@Techno-Fox
Author

For some reason my root directory was drwxr-xr-x. My bad. However, while I'm no web developer (I'm more low level, like C/C++, etc.), if the need arises for a root shell, then the file display manager won't work unless started as root (which is a bad idea)? So instead someone would have to use sudo to run root programs in eDEX if they value the file display.

P.S. Sorry if I wasted your time. Personally I feel I just learned a good bit about how eDEX works. Also sorry about the bug issue. I must've messed up a chmod command. I would like to help on the project, but the only thing close to web development programming I have is Golang, and the only languages I see used are JavaScript, CSS, and HTML.

@GitSquared
Owner

Then the file display manager won't work, unless started as root (which is a bad idea)? So instead someone would have to use sudo to run root programs in eDEX if they value the file display.

As far as I'm concerned, using a privileged shell for more than a minute is in itself a bad idea, but I guess everyone's security practices are different...

Sorry if I wasted your time.

No problem, you did not! Apologies if I sound maybe a bit cold when debugging things. I'm just in the thick of it ;-)

I would like to help on the project, but the only thing to web development programming I have is Golang, and the only languages I see used are JavaScript, CSS, and HTML.

It's the intention that counts! If you haven't already you can check #769 where I list all the ways cool folks like you can help support this project.

@Techno-Fox
Author

Thx. I'll look at the link, but give some time for me to study the project. I also have real life to deal with.

@GitSquared
Owner

That's... what the link is about, mostly.
