# anydesk could be started only as root



## susannej (May 16, 2019)

Hello all,

I use deskutils/anydesk on my machines, but now I have a FreeBSD 12.0-p3 Box, installed with sddm and kde/plasma, where I'm only able to start anydesk, if I'm root. 
I'll have a look on another machine (but it will take some time to get my hands on it), where I've kde/gnome etc. installed, where I could start it as a normal user - I think.

(setuid doesn't work, because it's a gtk-app.)

Do I miss something or does the behaviour changed in the past?

Thanks in advance!
susanne.


----------



## mfaridi (May 16, 2019)

PLease put some logs here. you can see or watch your log ass root user.
use this link too,








						Log files
					

Today I was messing around with one of my test machines until it hung and then rebooted. After reboot, which log files should I definitely check?




					forums.freebsd.org
				



and this link too,








						location of xorg.conf ?
					

I have an active xserver, but am not clear where it gets its configuration directives from.  Looking around the filesystem, I do:   $ sudo find / -name xorg /usr/local/share/X11/xkb/rules/xorg /usr/local/include/xorg /usr/local/lib/xorg /usr/ports/x11/xorg $ sudo find / -name xorg.conf $ sudo...




					forums.freebsd.org


----------



## susannej (May 16, 2019)

Thanks for your reply! I wish I could offer some logs for the problem... but there's nothing in the logs and I know no command switch for anydesk like -v or something else...


----------



## Phishfry (May 16, 2019)

I wonder how doas(1) would work in this case.
No idea about your application but I use it for networkmgr and it works well for that.(needs root)

You will need to create a /usr/local/etc/doas.conf with the services you need.
Here is that file for networkmgr. Maybe you could modify it to suit.

```
permit nopass keepenv root
permit :wheel
permit nopass keepenv :wheel cmd netcardmgr
permit nopass keepenv :wheel cmd ifconfig
permit nopass keepenv :wheel cmd service
```
Instead of netcardmgr and ifconfig you would need services related to anydesk.


----------



## Phishfry (May 16, 2019)

Looking around the internet it seems there are security concerns regarding this application.
"Anydesk exploited to spread ransomeware"
I would tread very carefully here.


			https://www.scmagazine.com/home/security-news/ransomware/blackheart-ransomware-uses-legit-anydesk-tool-as-an-unwitting-accomplice/


----------



## Phishfry (May 16, 2019)

Seeing how this application was exploited I would be weary using it. Especially if you are seeing new behavior.
Remember that our ports system is not immune.
Root needed on a program that has been exploited in the past sounds pretty bad where I am sitting.


----------



## Phishfry (May 16, 2019)

I hate to make unfounded accusations about any program.

The bad thing is a Remote Desktop Program has to have hooks into your hardware.
That is a threat right there but why would they need root to use the hardware (framebuffer, keyboard,mouse).
TightVNC doesn't need root.

Something like that should have been in the UPDATING notes. That is where I would start my investigation.
I might contact the port maintainer and ask him if he know anything about root needed.


----------



## Phishfry (May 16, 2019)

OK looking at the pkg-message: deskutils/anydesk/


> Since Version 2.9.1 the following prerequisites have to be met:
> 
> 1. You need a mounted /proc directory. Either mount it manually or add it to your /etc/fstab file:
> fstab: proc /proc procfs rw 0 0
> ...



So instead of manually running kld mqueuefs (as root)
Why not try in /etc/rc.conf
*kld_list="mqueuefs"*

That will load the module on boot and maybe you can start anydesk as a regular user.


----------



## susannej (May 16, 2019)

Wow, many thanks Phishfry  

I'm using anydesk a while and it's really easy to get an adhoc connection to another (well-known) machine. I would bet, that on my other one, there is no need to be root to execute the application (I'll will have a look this evening). But maybe, that's an older version, because I think there was no need to load the mqueuefs module.

I was hoping anyone here knows something, if something has changed for anydesk on freebsd ... it was a bit annoying to see, that it wouldn't run as an ordinary user... still hoping I made a mistake.


----------



## Phishfry (May 16, 2019)

Somebody needs to contact the port maintainer.
Telling people to load a module as root is not good. They should show the automatic method too.
Sorry for the noise. Be careful out there. Its a wild wild internet.
.
Append to pkg-message
auto load: sysrc kld_list+=mqueuefs


----------



## jdrch (Mar 17, 2020)

Phishfry said:


> Looking around the internet it seems there are security concerns regarding this application.
> "Anydesk exploited to spread ransomeware"
> I would tread very carefully here.
> 
> ...



Per the source link, it's not that AnyDesk itself is infected, but rather that RANSOM_BLACKHEART bundles both the legitimate program and the malware together, apparently using the former to hide the latter.

Also, the problem appears to affect Windows systems only.


----------

