Security fix for DDRescue-GUI v1.7.1 on Wayland has been released.

Written for DDRescue-GUI by Hamish McIntyre-Bhatty on 2018-01-03

Firstly, I want to apologise. These kinds of problems are exactly the kind I’ve tried very hard to avoid, and I’m sorry that this mistake made it into a release. As annoyed as I am about this, I feel it is very important to be absolutely transparent about such matters, so the detail of the bug and the solution is below.

Now, onto the detail: If you were running DDRescue-GUI or WxFixBoot on Wayland, I had to make a workaround to allow it to run. This is because these application run a GUI as root, which Wayland doesn’t allow by default. I fully intent to rectify this issue in the next releases by only escalating privileges when required, and better isolating those bits of the program(s). As a temporary fix, the program would change this setting, and then change it back as soon as it was closed. However, due to an oversight on my part, the workaround was not disabled on closing the program.

A reboot would fix the issue, as the setting is reset on power up, but nevertheless I consider this to be an important problem. I noticed the issue yesterday evening, and I’m currently fixing it for both programs, and I will write a blog post with more details shortly.

In the mean time, please reboot any system you were running either DDRescue-GUI or WxFixBoot on, and please immediately update the programs to the newest versions. Note that if you are running on Xorg, or DDRescue-GUI versions prior to v1.7.1, you are not affected.

Hamish McIntyre-Bhatty

Updated on 2018-01-03.

Read all announcements