Elevated Do/Undo Command Fixes

[Nonary]

Description

Adds support for executing do/undo commands (safely) with elevation prompts.

If users prefer to make their system vulnerable by disabling the prompts, they can add a registry key called UnsafeElevation under HKLM/LizardByte/Sunshine with a value of 1.

When doing that, it will launch the commands under system and inform the user (via logs) that they are vulnerable to exploits.

Issues Fixed or Closed

#1117

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Dependency update (updates to dependencies)
• Documentation update (changes to documentation)
• Repository update (changes to repository files, e.g. .github/...)

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have added or updated the in code docstring/documentation-blocks for new or existing methods/components

Branch Updates

LizardByte requires that branches be up-to-date before merging. This means that after any PR is merged, this branch
must be updated before it can be merged. You must also
Allow edits from maintainers.

• I want maintainers to keep my branch updated

[KuleRucket]

By default in Linux sunshine runs as an unprivileged user because it is launched as a systemd --user service. Because of this, the warning in run_unprivileged() saying run unprivileged is not supported does not make sense.

[KuleRucket]

In fact, all of this run_privileged/run_unprivileged business should be a Windows only feature and should not be generalised into common.h for all platforms. If you want to run a privileged command in Linux you would run it with sudo and configure the behaviour in sudoers. You should not handle this within the sunshine application.

[Nonary]

By default in Linux sunshine runs as an unprivileged user because it is launched as a systemd --user service. Because of this, the warning in run_unprivileged() saying run unprivileged is not supported does not make sense.

Good idea, can you put in a pull request for that please?

[Nonary]

In fact, all of this run_privileged/run_unprivileged business should be a Windows only feature and should not be generalised into common.h for all platforms. If you want to run a privileged command in Linux you would run it with sudo and configure the behaviour in sudoers. You should not handle this within the sunshine application.

I'm just following the existing code sir.

I realize it's a dumb idea, but it's already done this way.

I don't really have the time to fix it, I've already spent hours on fixing this issue anyway. I'd encourage others to spent time to optimize it though:

[Nonary]

My point here is there's a lot in the codebase for Sunshine that doesn't make sense and could be done better. However that's not my focus right now, my main goal is to fix security exploits and to keep the code as consistent with the original code as possible.Furthermore, it is best practice to keep pull requests focusing on one thing at a time. A refactor should be a separate pull request.

[ReenigneArcher]

I believe those comments were added by cameron when he added the ability to execute commands in the context of the logged in user in #600 , instead of as the SYSTEM user. His skill is lightyears beyond mine so I didn't question it.

[Nonary]

This is obsolete and will be replaced with #1123