X-Loop: help-debbugs@HIDDEN
Subject: bug#57071: Xscreensaver not working since latest patch
Resent-From: Rick Huijzer <ikbenrickhuyzer@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Tue, 09 Aug 2022 10:28:02 +0000
Resent-Message-ID: <handler.57071.B.166004088024979 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 57071
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: 57071 <at> debbugs.gnu.org
X-Debbugs-Original-To: bug-guix@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.166004088024979
(code B ref -1); Tue, 09 Aug 2022 10:28:02 +0000
Received: (at submit) by debbugs.gnu.org; 9 Aug 2022 10:28:00 +0000
Received: from localhost ([127.0.0.1]:42618 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1oLMSt-0006Uh-C6
for submit <at> debbugs.gnu.org; Tue, 09 Aug 2022 06:28:00 -0400
Received: from lists.gnu.org ([209.51.188.17]:41936)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ikbenrickhuyzer@HIDDEN>) id 1oLKEH-0000Z9-2g
for submit <at> debbugs.gnu.org; Tue, 09 Aug 2022 04:04:48 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:51038)
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ikbenrickhuyzer@HIDDEN>)
id 1oLKEE-0005Yg-Va
for bug-guix@HIDDEN; Tue, 09 Aug 2022 04:04:44 -0400
Received: from mail-ej1-x629.google.com ([2a00:1450:4864:20::629]:35787)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.90_1) (envelope-from <ikbenrickhuyzer@HIDDEN>)
id 1oLKEA-0003zq-JQ
for bug-guix@HIDDEN; Tue, 09 Aug 2022 04:04:42 -0400
Received: by mail-ej1-x629.google.com with SMTP id a7so20861657ejp.2
for <bug-guix@HIDDEN>; Tue, 09 Aug 2022 01:04:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:mime-version:from:to:cc;
bh=JJB6qutlG1s1+XNJwjY8lbiSMfCLJUtQxW5/PCaPA3E=;
b=D76fsGTNJcWuKjayxKZpn19zzcKSgJPX5yP4kJBn3Pj6pr8KZDXKtp8ftXZhUgPzSl
N3Fb9tfh9GoL+hgqMwhWIGiRCvg8pJkrzAHhmtyzNCZgNGqWw2eUF9ciJKz+fPEcgph1
LBKyzmAVBY5id0m89bRV5PLoOe1h96FRjOFV3iYUUz8/2TF/2aGd6doCAHw7zkCj4+l/
tDEFBmqQ2p3Rmef/pGdoDZaheV1jJIox25Sepk97ilYSmf0BQIRPH5McUXEZCRaYtvT0
Pf5e0c3pzGa2icJEYG5XYg8W0rlsCjXNxcm24DVqzIsxP2isWgaC39s7hm3AREam60dx
7WWw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc;
bh=JJB6qutlG1s1+XNJwjY8lbiSMfCLJUtQxW5/PCaPA3E=;
b=VbBsAPZ2/qqnoZK1z741M2FR6uDTXRdfwQgU1gxgYtKvRh9w2kNqm+cTomXhB7Dety
H3vK9kUVcklh8xvcfHcZNqf61sKtf8MZWIgJtat2PZ4XLXAX2SgFwbN08lvo8tRb6T6f
OtekqYu4D+2dMWfaADqnmm5eckv4URcKEDTdXnJff+Dtnc0cm1CgevseJsQFrti83qLU
B40PXH3FxSQjHBKiJvUZ92D+q6WyXCSYjQxrjUW+sC3X8PuK8Xahu58J3rqGZs40Jimc
IsDMcKWrFeugX1hDxA2+MT90YJX1APdT9HbCAWcHwzBIPDtTQrA7+XHj9NHIfHbrCNxU
m5lQ==
X-Gm-Message-State: ACgBeo1R3NVyNOtDwt6u/mmjU/bzh0Q64Rm+UrOTwCmNCob4X642Vnmy
U6SP5l5f5A9rD4cOhJTFWwZfjT8hn1ml2ucF2aOS8WJI
X-Google-Smtp-Source: AA6agR711ypRAn4vQRaaX3GVDsM1VkmXGGRKF/tqucwv049xXKZynQ+MQlMPQdzA9eKHJE36i4C5ueH44ZR3XILmQ+g=
X-Received: by 2002:a17:906:ef8c:b0:730:e4e0:1f69 with SMTP id
ze12-20020a170906ef8c00b00730e4e01f69mr14887129ejb.113.1660032268225; Tue, 09
Aug 2022 01:04:28 -0700 (PDT)
MIME-Version: 1.0
From: Rick Huijzer <ikbenrickhuyzer@HIDDEN>
Date: Tue, 9 Aug 2022 10:04:17 +0200
Message-ID: <CAGXOz9a6Kq5e69cwsHwDcDVvk1+_FMZPQN9A7kGs5F3iqbTApg@HIDDEN>
Content-Type: multipart/alternative; boundary="000000000000a9d40205e5ca615f"
Received-SPF: pass client-ip=2a00:1450:4864:20::629;
envelope-from=ikbenrickhuyzer@HIDDEN; helo=mail-ej1-x629.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Mailman-Approved-At: Tue, 09 Aug 2022 06:27:56 -0400
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)
--000000000000a9d40205e5ca615f
Content-Type: text/plain; charset="UTF-8"
Hi,
The latest xscreensaver patch <https://issues.guix.gnu.org/56597> rendered
xscreensaver unusable on my systems. When I try to unlock my screen I am
greeted with the message 'xscreensaver: don't login as root', even though I
don't invoke it as root.
$xscreensaver-command -lock
Aug 9 08:45:22 localhost shepherd[1]: [slim] xscreensaver-gfx: 08:45:22:
1: running as root: not launching hacks.
Aug 9 09:10:29 localhost shepherd[1]: [slim] xscreensaver-command: locking
Aug 9 09:10:32 localhost shepherd[1]: [slim] xscreensaver-gfx: 09:10:32:
0: running as root: not launching hacks.
When I remove the
(screen-locker-service xscreensaver)
I run into all kinds of set-uid problems.
I will happily provide more information if needed.
--
Met vriendelijke groet,
Rick Huijzer
--000000000000a9d40205e5ca615f
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Hi,=C2=A0<div><br></div><div>The latest <a href=3D"https:/=
/issues.guix.gnu.org/56597" target=3D"_blank">xscreensaver patch</a>=C2=A0r=
endered xscreensaver unusable on my systems. When I try to unlock my screen=
I am greeted with the message 'xscreensaver: don't login as root&#=
39;, even though I don't invoke it as root.=C2=A0</div><div><br></div><=
div><br></div><div>$xscreensaver-command -lock<br></div><div>Aug =C2=A09 08=
:45:22 localhost shepherd[1]: [slim] xscreensaver-gfx: 08:45:22: 1: running=
as root: not launching hacks.<br>Aug =C2=A09 09:10:29 localhost shepherd[1=
]: [slim] xscreensaver-command: locking<br><div>Aug =C2=A09 09:10:32 localh=
ost shepherd[1]: [slim] xscreensaver-gfx: 09:10:32: 0: running as root: not=
launching hacks.<br></div><div><br></div><div>When I remove the=C2=A0</div=
><div>(screen-locker-service xscreensaver)<br></div><div>I run into all kin=
ds of set-uid problems.=C2=A0</div><div><br></div><div>I will happily=C2=A0=
provide more information if needed.</div><div><br></div>-- <br><div dir=3D"=
ltr" data-smartmail=3D"gmail_signature"><div dir=3D"ltr"><div><div dir=3D"l=
tr">Met vriendelijke groet,<div><br></div><div>Rick Huijzer</div><div><br><=
/div></div></div></div></div></div></div>
--000000000000a9d40205e5ca615f--
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: Rick Huijzer <ikbenrickhuyzer@HIDDEN> Subject: bug#57071: Acknowledgement (Xscreensaver not working since latest patch) Message-ID: <handler.57071.B.166004088024979.ack <at> debbugs.gnu.org> References: <CAGXOz9a6Kq5e69cwsHwDcDVvk1+_FMZPQN9A7kGs5F3iqbTApg@HIDDEN> X-Gnu-PR-Message: ack 57071 X-Gnu-PR-Package: guix Reply-To: 57071 <at> debbugs.gnu.org Date: Tue, 09 Aug 2022 10:28:03 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): bug-guix@HIDDEN If you wish to submit further information on this problem, please send it to 57071 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 57071: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D57071 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
X-Loop: help-debbugs@HIDDEN
Subject: bug#57071: Xscreensaver not working since latest patch
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Tue, 09 Aug 2022 21:32:02 +0000
Resent-Message-ID: <handler.57071.B57071.16600806699626 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 57071
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Rick Huijzer <ikbenrickhuyzer@HIDDEN>
Cc: r0man <roman@HIDDEN>, 57071 <at> debbugs.gnu.org
Received: via spool by 57071-submit <at> debbugs.gnu.org id=B57071.16600806699626
(code B ref 57071); Tue, 09 Aug 2022 21:32:02 +0000
Received: (at 57071) by debbugs.gnu.org; 9 Aug 2022 21:31:09 +0000
Received: from localhost ([127.0.0.1]:45328 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1oLWof-0002VC-23
for submit <at> debbugs.gnu.org; Tue, 09 Aug 2022 17:31:09 -0400
Received: from eggs.gnu.org ([209.51.188.92]:56784)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1oLWod-0002Ur-Fm
for 57071 <at> debbugs.gnu.org; Tue, 09 Aug 2022 17:31:07 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:47632)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1oLWoY-0001od-20; Tue, 09 Aug 2022 17:31:02 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
From; bh=hEjpbY8zv2PmpU8WUZfxS+2BjvT9JJyrK5qVFRbKFWc=; b=eWLatwZSXh/7mvaECucM
GxYcEV5P8rl8Y/hSlWqH5LnfLfJ5Oogq1b47XC/fxSt4kMJ5liUlzvjST7ublAsxKvp3eSMvwOj5J
O2Tbdn5qW0AQSwiesaRfkSbSc3+fdvCa1isyl1pEVelsj5qYXD0AM1c0JOCvD5ubfdc2IIZww3/83
AlZDpkbpE6sQ4LYb0tqh+eRpPWhdrKRsgHefV5AEijIgrWD4aCIfvnxov/VgYOgsaTPEPj6djKges
FZSBf/9p8noDqQKxKgl7rN76hSymtaqB1gjWRieH5gJZRJMpbBZic3r07M693vkI/ZbnImxktosvI
rf9XjQ9WUUPb9A==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:60821
helo=ribbon)
by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1oLWoW-0005lg-HG; Tue, 09 Aug 2022 17:31:01 -0400
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
References: <CAGXOz9a6Kq5e69cwsHwDcDVvk1+_FMZPQN9A7kGs5F3iqbTApg@HIDDEN>
Date: Tue, 09 Aug 2022 23:30:58 +0200
In-Reply-To: <CAGXOz9a6Kq5e69cwsHwDcDVvk1+_FMZPQN9A7kGs5F3iqbTApg@HIDDEN>
(Rick Huijzer's message of "Tue, 9 Aug 2022 10:04:17 +0200")
Message-ID: <87zggd14vh.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Hi Rick,
Rick Huijzer <ikbenrickhuyzer@HIDDEN> skribis:
> The latest xscreensaver patch <https://issues.guix.gnu.org/56597> rendered
> xscreensaver unusable on my systems. When I try to unlock my screen I am
> greeted with the message 'xscreensaver: don't login as root', even though=
I
> don't invoke it as root.
>
>
> $xscreensaver-command -lock
> Aug 9 08:45:22 localhost shepherd[1]: [slim] xscreensaver-gfx: 08:45:22:
> 1: running as root: not launching hacks.
> Aug 9 09:10:29 localhost shepherd[1]: [slim] xscreensaver-command: locki=
ng
> Aug 9 09:10:32 localhost shepherd[1]: [slim] xscreensaver-gfx: 09:10:32:
> 0: running as root: not launching hacks.
>
> When I remove the
> (screen-locker-service xscreensaver)
> I run into all kinds of set-uid problems.
Sorry about that, I built it during review but did not actually run it.
One effect of =E2=80=98screen-locker-service=E2=80=99 is to make the progra=
m setuid-root
so that it can authenticate users. It would seem that something changed
in xscreensaver in that area; quoth =E2=80=98driver/subprocs.c=E2=80=99:
--8<---------------cut here---------------start------------->8---
if (getuid() =3D=3D (uid_t) 0 || geteuid() =3D=3D (uid_t) 0)
/* Prior to XScreenSaver 6, if running as root, we would change the
effective uid to the user "nobody" or "daemon" or "noaccess",
but even that was just encouraging bad behavior. Don't log in
as root. */
{
fprintf (stderr, "%s: %d: running as root: not launching hacks.\n=
",
blurb(), ssi->number);
screenhack_obituary (ssi, "", "XScreenSaver: Don't log in as root=
.");
goto DONE;
}
--8<---------------cut here---------------end--------------->8---
OTOH the =E2=80=98disavow_privileges=E2=80=99 function is supposed to drop =
root
privileges early on.
So I=E2=80=99m not sure how it=E2=80=99s supposed to be run. R0man, ideas?
Thanks,
Ludo=E2=80=99.
X-Loop: help-debbugs@HIDDEN
Subject: bug#57071: Xscreensaver not working since latest patch
Resent-From: Roman Scherer <roman.scherer@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Wed, 10 Aug 2022 07:15:01 +0000
Resent-Message-ID: <handler.57071.B57071.166011569321561 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 57071
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Cc: 57071 <at> debbugs.gnu.org, Rick Huijzer <ikbenrickhuyzer@HIDDEN>
Received: via spool by 57071-submit <at> debbugs.gnu.org id=B57071.166011569321561
(code B ref 57071); Wed, 10 Aug 2022 07:15:01 +0000
Received: (at 57071) by debbugs.gnu.org; 10 Aug 2022 07:14:53 +0000
Received: from localhost ([127.0.0.1]:45851 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1oLfvZ-0005bg-Eu
for submit <at> debbugs.gnu.org; Wed, 10 Aug 2022 03:14:53 -0400
Received: from mail-ed1-f47.google.com ([209.85.208.47]:37555)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <roman.scherer@HIDDEN>) id 1oLfvU-0005bP-H6
for 57071 <at> debbugs.gnu.org; Wed, 10 Aug 2022 03:14:52 -0400
Received: by mail-ed1-f47.google.com with SMTP id b16so17897721edd.4
for <57071 <at> debbugs.gnu.org>; Wed, 10 Aug 2022 00:14:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=burningswell-com.20210112.gappssmtp.com; s=20210112;
h=mime-version:message-id:in-reply-to:date:subject:cc:to:from
:user-agent:references:from:to:cc;
bh=BZo3zzYEVsOvIYaT2ynHbmk4UtUudybjQgy92XDhoXY=;
b=QTUMu8WzomYDLihtWEDHKVmFSNYhBTLHuAxnv3dz6UoSW9pbV+Zh2CgJIDhuZW7tLw
Lsm1r7zwWEnB/Ii6gMfo0sL3CgzjHAUO+zympzkNEF0xKA/mkZ4p7E4HgAgtYglwl7bU
nWI8anOkGOcXs3YVioVY+dsMoHNtwuQibLxBjVECJc3KgkTHNNNMxGjPy3tjmsdlDsx+
AjqFX3aDIW1dDIFqNgDpFKigIAPxEhZ+bv1RSRgAeZj6aIwbwjN+ZXQd2hlYVwEbYCgC
FnOmCKI1vm6AC7MZgfKLL8G37zPj+bSAY0yGn3EU9GbTFG1OI/SiOIsR1PompVwYVgrD
48HA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=mime-version:message-id:in-reply-to:date:subject:cc:to:from
:user-agent:references:x-gm-message-state:from:to:cc;
bh=BZo3zzYEVsOvIYaT2ynHbmk4UtUudybjQgy92XDhoXY=;
b=XJo2PA9pUaAumqV2X/osIuIsRJv0H+bn6zDhLsFTxkkLqNAOLeqJ4tfHo/NMKI2jBk
W9fbBB3iCTSLKFKES/ukjtfm6LmgAbY9s2ahrHstX9RjADWlfWfVC3Xg6IUfMxXjupbK
lLrDn0L4gOC4Q96BI07uFdI3XPtq3Mz7ASTXMTpXANL/Up0nXy/0T3a/JwnEspygZeH9
exU3zOXcdEGxECeeAilHK4Jx+tAxxHn0F3GXsxnxP2rkfKwZ5cLsUulbYKY+rT8Agcw5
MutQv4P6UoLgbOcLjeRDrQtpU9gqN7kGPmRHpfg6ll3SaTW1UBPHi4IM9rhjZDQdqwt0
fbxg==
X-Gm-Message-State: ACgBeo0m5/deqEElIQLm/BaSGrY1IYUMxbBQ/2zrt8kvs359JGmNlW8Z
ek6k7Znh1SBwTemEhLBF5EcJJDRjyj96yVbC
X-Google-Smtp-Source: AA6agR516jFqXdF5BMNu6CktZTojFmdksi+NoCFyr9kFKy6mrOhbfclDN2GzwM8ltPhn40DLxdqjPw==
X-Received: by 2002:a05:6402:1159:b0:43b:bc82:5ddb with SMTP id
g25-20020a056402115900b0043bbc825ddbmr25056105edw.355.1660115682264;
Wed, 10 Aug 2022 00:14:42 -0700 (PDT)
Received: from precision (tmo-116-169.customers.d1-online.com.
[80.187.116.169]) by smtp.gmail.com with ESMTPSA id
b16-20020aa7c6d0000000b0043bb8023caesm7115463eds.62.2022.08.10.00.14.40
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 10 Aug 2022 00:14:41 -0700 (PDT)
References: <CAGXOz9a6Kq5e69cwsHwDcDVvk1+_FMZPQN9A7kGs5F3iqbTApg@HIDDEN>
<87zggd14vh.fsf@HIDDEN>
User-agent: mu4e 1.8.7; emacs 28.1
From: Roman Scherer <roman.scherer@HIDDEN>
Date: Wed, 10 Aug 2022 06:37:47 +0000
In-reply-to: <87zggd14vh.fsf@HIDDEN>
Message-ID: <87bksstvs0.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha256; protocol="application/pgp-signature"
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hi Ludo and Rick,
sorry for the trouble. I'm running xscreensaver on a foreign distro and
did not notice this. Probably because somehow my screen wasn't locked,
but still showing random screensavers.
However, now that I tried the `xscreensaver-command -lock` command I see
a dialog with a "Password initialization failed" message.
The xscreensave logs also show this:
xscreensaver-auth: 06:45:55: OOM: /proc/99677/oom_score_adj: Permission den=
ied
xscreensaver-auth: 06:45:55: To prevent the kernel from randomly unlocking
xscreensaver-auth: 06:45:55: your screen via the out-of-memory killer,
xscreensaver-auth: 06:45:55: "xscreensaver-auth" must be setuid root.
xscreensaver-auth: 06:46:06: PAM: warning: /etc/pam.d/xscreensaver does not=
exist.
xscreensaver-auth: 06:46:06: PAM: password authentication is unlikely to wo=
rk.
xscreensaver-auth: 06:46:15: PAM: warning: /etc/pam.d/xscreensaver does not=
exist.
xscreensaver-auth: 06:46:15: PAM: password authentication is unlikely to wo=
rk.
When the dialog popped up, I had to switch to a terminal and kill
xscreensaver to be able to access my desktop again.
Should we revert it, until we figured out what's necesarry to get this
working again?
r0man
Ludovic Court=C3=A8s <ludo@HIDDEN> writes:
> Hi Rick,
>
> Rick Huijzer <ikbenrickhuyzer@HIDDEN> skribis:
>
>> The latest xscreensaver patch <https://issues.guix.gnu.org/56597> render=
ed
>> xscreensaver unusable on my systems. When I try to unlock my screen I am
>> greeted with the message 'xscreensaver: don't login as root', even thoug=
h I
>> don't invoke it as root.
>>
>>
>> $xscreensaver-command -lock
>> Aug 9 08:45:22 localhost shepherd[1]: [slim] xscreensaver-gfx: 08:45:22:
>> 1: running as root: not launching hacks.
>> Aug 9 09:10:29 localhost shepherd[1]: [slim] xscreensaver-command: lock=
ing
>> Aug 9 09:10:32 localhost shepherd[1]: [slim] xscreensaver-gfx: 09:10:32:
>> 0: running as root: not launching hacks.
>>
>> When I remove the
>> (screen-locker-service xscreensaver)
>> I run into all kinds of set-uid problems.
>
> Sorry about that, I built it during review but did not actually run it.
>
> One effect of =E2=80=98screen-locker-service=E2=80=99 is to make the prog=
ram setuid-root
> so that it can authenticate users. It would seem that something changed
> in xscreensaver in that area; quoth =E2=80=98driver/subprocs.c=E2=80=99:
>
> if (getuid() =3D=3D (uid_t) 0 || geteuid() =3D=3D (uid_t) 0)
> /* Prior to XScreenSaver 6, if running as root, we would change t=
he
> effective uid to the user "nobody" or "daemon" or "noaccess",
> but even that was just encouraging bad behavior. Don't log in
> as root. */
> {
> fprintf (stderr, "%s: %d: running as root: not launching hacks.=
\n",
> blurb(), ssi->number);
> screenhack_obituary (ssi, "", "XScreenSaver: Don't log in as ro=
ot.");
> goto DONE;
> }
>
> OTOH the =E2=80=98disavow_privileges=E2=80=99 function is supposed to dro=
p root
> privileges early on.
>
> So I=E2=80=99m not sure how it=E2=80=99s supposed to be run. R0man, idea=
s?
>
> Thanks,
> Ludo=E2=80=99.
--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQFTBAEBCAA9FiEE0iajOdjfRIFd3gygPdpSUn0qwZkFAmLzWt8fHHJvbWFuLnNj
aGVyZXJAYnVybmluZ3N3ZWxsLmNvbQAKCRA92lJSfSrBmaSOB/9u9HaRe7vhzC6K
KYg64KiAb6+kr1f2HD5Xmxe9q7ZTGJwgwkzAe/PvcYbhKHnDIxYOUwVthNvuDIPC
hyPnFepXstTGRvfwCIofm5EGWgosnRGQdbOIXHolPieX2uvTUw6ak16mwcgIH/3Y
l3BGLsR5qJjIvGfOATgUbSGRHV+/qzo5bnADUb65LDUH19BNQ/TYAQp4zy+NK1RN
xM3yD7qP7mYdkG21iv+6IbkGoujY9Y80IYOpdSISgmibPuQvnQxR9oh3/7aaEGuY
RtDvq/7CQF1aekfD2nxFpulYliE2j4f6Wa0N32EGuNk3xuO+LoeMgYQkCP8ioeEC
F79jnFLw
=u4Rj
-----END PGP SIGNATURE-----
--=-=-=--
X-Loop: help-debbugs@HIDDEN
Subject: bug#57071: Xscreensaver not working since latest patch
Resent-From: Rick Huijzer <ikbenrickhuyzer@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Wed, 10 Aug 2022 12:31:03 +0000
Resent-Message-ID: <handler.57071.B57071.166013464330959 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 57071
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Roman Scherer <roman.scherer@HIDDEN>, ludo@HIDDEN, 57071 <at> debbugs.gnu.org
Received: via spool by 57071-submit <at> debbugs.gnu.org id=B57071.166013464330959
(code B ref 57071); Wed, 10 Aug 2022 12:31:03 +0000
Received: (at 57071) by debbugs.gnu.org; 10 Aug 2022 12:30:43 +0000
Received: from localhost ([127.0.0.1]:46759 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1oLkrC-00083C-VP
for submit <at> debbugs.gnu.org; Wed, 10 Aug 2022 08:30:43 -0400
Received: from mail-ej1-f47.google.com ([209.85.218.47]:33648)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ikbenrickhuyzer@HIDDEN>) id 1oLkIU-0006mq-AZ
for 57071 <at> debbugs.gnu.org; Wed, 10 Aug 2022 07:54:52 -0400
Received: by mail-ej1-f47.google.com with SMTP id uj29so27372179ejc.0
for <57071 <at> debbugs.gnu.org>; Wed, 10 Aug 2022 04:54:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:in-reply-to:references:mime-version
:from:to:cc; bh=hDZCOTv2BfznM9ThgpdVZ+yd+pDuUW4cUZlEa0ErZSk=;
b=qYB6EJzRaBnFLulCwOGOhQIiX3XGl0uyoDyRxRQUsSNodYdvVJ3Albty7JZgFJMz28
94wZhcRF7DiyyAzJv3MmSs0gqPokS8exaHQCf1jEMx8Wyhs/p5jY4hWoPgfEMR8bou2V
K7p8xaXjcYK5DBRHVwPOCTyKi1E1uySz1EN3kXvzkgJ3ZyMjcK0ouBuh4Y95Bl31KEkf
8PMrRXU6XSdyDI4mgM8D32rzSO4icyY+KPWKlV2ksmdzCtiv4x8aP/zY87rc9JYMaCvm
+yEpkd0wLKXpjKnQl3XiOQ4zy8Tdtahlit8lGj/Vbm8bleBh/zrt4VcKE6pnMSwHyIU+
J1UQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:in-reply-to:references:mime-version
:x-gm-message-state:from:to:cc;
bh=hDZCOTv2BfznM9ThgpdVZ+yd+pDuUW4cUZlEa0ErZSk=;
b=4aVIlcAeZjcu9Z1leFqPoQz7KTmm7RPsaSqHgSpjAuEQWiTHhub2DH7Kgn9zkR++zm
DGHUtEgxEx/m383s1rX/tnF5fBlz9Bl1OSQ3OwkdFovi7VcVOrxW4k7kPbgVRs6huYhs
M5JTplUi57OwJEbUZGUHU8pcop1J0EV8HYM2rFkG1Q63EGw1yWO2OFCpi7L29uwhCKM1
B0GrV9R/WZ8wPHBxh4g012SNG4Jnqm9I68Fp+cREpcTTHTPOyxRwJN1VjB+x+eqKHZO2
keLKn2iC0HTwJH6hkGUusz39cbA3ENqszVNVnniPruvJGqJjNpXPLkGxKY7OXAJVfklz
UWpg==
X-Gm-Message-State: ACgBeo2koIqOSVOaqdj8kwdm8pYnIDhJa67T2+5tKLmHlzHiS2DLozwM
sEJVYFVOCBK/0N5hqHaRe9rTpZbqnkx3IW9SrKM=
X-Google-Smtp-Source: AA6agR66r6wuSqKVYHXW+R8LfE9hgk340TKvuzccjH/9K2rcauQdfePNkCf4TwLBZ3z4spESw500OxwToNzTYI4z6Ds=
X-Received: by 2002:a17:906:8461:b0:730:a43a:9981 with SMTP id
hx1-20020a170906846100b00730a43a9981mr19735301ejc.552.1660132484334; Wed, 10
Aug 2022 04:54:44 -0700 (PDT)
MIME-Version: 1.0
References: <CAGXOz9a6Kq5e69cwsHwDcDVvk1+_FMZPQN9A7kGs5F3iqbTApg@HIDDEN>
<87zggd14vh.fsf@HIDDEN> <87bksstvs0.fsf@HIDDEN>
In-Reply-To: <87bksstvs0.fsf@HIDDEN>
From: Rick Huijzer <ikbenrickhuyzer@HIDDEN>
Date: Wed, 10 Aug 2022 13:54:33 +0200
Message-ID: <CAGXOz9ZS2NuT61vDZyn-hWLWDBOROOptG6tK+iaNkxzS5UFMuw@HIDDEN>
Content-Type: multipart/alternative; boundary="00000000000002486005e5e1b735"
X-Spam-Score: 0.0 (/)
X-Mailman-Approved-At: Wed, 10 Aug 2022 08:30:40 -0400
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
--00000000000002486005e5e1b735
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi Roman and Ludo,
It seems that xscreensaver-auth needs to be setuid instead of the main
xscreensaver binary. The screen-locker-service in xorg.scm sets the
provided package setuid and sets the required pam configuration for the
provided package. The problem is that the pam configuration needs to be set
for xscreensaver (/etc/pam.d/xscreensaver) and setuid needs to be set for
xscreensaver-auth.
Interestingly when I setuid xscreensaver-auth manually I run into the
following when unlocking:
Aug 10 13:35:02 localhost unix_chkpwd[2197]: check pass; user unknown
Aug 10 13:35:02 localhost unix_chkpwd[2197]: password check failed for user
(rhuijzer)
Aug 10 13:35:02 localhost xscreensaver-auth: pam_unix(xscreensaver:auth):
authentication failure; logname=3D uid=3D1000 euid=3D1000 tty=3D:0 ruser=3D=
rhost=3D
user=3Drhuijzer
But this might be fixed in time by [RFC PATCH] gnu: linux-pam: Change path
to unix_chkpwd helper <https://issues.guix.gnu.org/53468>.
I don't know how to fix this elegantly, maybe create a dedicated service
for xscreensaver instead of the standard screen-locker-service?
Thanks,
Op wo 10 aug. 2022 om 09:14 schreef Roman Scherer <
roman.scherer@HIDDEN>:
>
> Hi Ludo and Rick,
>
> sorry for the trouble. I'm running xscreensaver on a foreign distro and
> did not notice this. Probably because somehow my screen wasn't locked,
> but still showing random screensavers.
>
> However, now that I tried the `xscreensaver-command -lock` command I see
> a dialog with a "Password initialization failed" message.
>
> The xscreensave logs also show this:
>
> xscreensaver-auth: 06:45:55: OOM: /proc/99677/oom_score_adj: Permission
> denied
> xscreensaver-auth: 06:45:55: To prevent the kernel from randomly
> unlocking
> xscreensaver-auth: 06:45:55: your screen via the out-of-memory killer,
> xscreensaver-auth: 06:45:55: "xscreensaver-auth" must be setuid root.
> xscreensaver-auth: 06:46:06: PAM: warning: /etc/pam.d/xscreensaver does
> not exist.
> xscreensaver-auth: 06:46:06: PAM: password authentication is unlikely to
> work.
> xscreensaver-auth: 06:46:15: PAM: warning: /etc/pam.d/xscreensaver does
> not exist.
> xscreensaver-auth: 06:46:15: PAM: password authentication is unlikely to
> work.
>
> When the dialog popped up, I had to switch to a terminal and kill
> xscreensaver to be able to access my desktop again.
>
> Should we revert it, until we figured out what's necesarry to get this
> working again?
>
> r0man
>
> Ludovic Court=C3=A8s <ludo@HIDDEN> writes:
>
> > Hi Rick,
> >
> > Rick Huijzer <ikbenrickhuyzer@HIDDEN> skribis:
> >
> >> The latest xscreensaver patch <https://issues.guix.gnu.org/56597>
> rendered
> >> xscreensaver unusable on my systems. When I try to unlock my screen I =
am
> >> greeted with the message 'xscreensaver: don't login as root', even
> though I
> >> don't invoke it as root.
> >>
> >>
> >> $xscreensaver-command -lock
> >> Aug 9 08:45:22 localhost shepherd[1]: [slim] xscreensaver-gfx:
> 08:45:22:
> >> 1: running as root: not launching hacks.
> >> Aug 9 09:10:29 localhost shepherd[1]: [slim] xscreensaver-command:
> locking
> >> Aug 9 09:10:32 localhost shepherd[1]: [slim] xscreensaver-gfx:
> 09:10:32:
> >> 0: running as root: not launching hacks.
> >>
> >> When I remove the
> >> (screen-locker-service xscreensaver)
> >> I run into all kinds of set-uid problems.
> >
> > Sorry about that, I built it during review but did not actually run it.
> >
> > One effect of =E2=80=98screen-locker-service=E2=80=99 is to make the pr=
ogram setuid-root
> > so that it can authenticate users. It would seem that something change=
d
> > in xscreensaver in that area; quoth =E2=80=98driver/subprocs.c=E2=80=99=
:
> >
> > if (getuid() =3D=3D (uid_t) 0 || geteuid() =3D=3D (uid_t) 0)
> > /* Prior to XScreenSaver 6, if running as root, we would change
> the
> > effective uid to the user "nobody" or "daemon" or "noaccess"=
,
> > but even that was just encouraging bad behavior. Don't log =
in
> > as root. */
> > {
> > fprintf (stderr, "%s: %d: running as root: not launching
> hacks.\n",
> > blurb(), ssi->number);
> > screenhack_obituary (ssi, "", "XScreenSaver: Don't log in as
> root.");
> > goto DONE;
> > }
> >
> > OTOH the =E2=80=98disavow_privileges=E2=80=99 function is supposed to d=
rop root
> > privileges early on.
> >
> > So I=E2=80=99m not sure how it=E2=80=99s supposed to be run. R0man, id=
eas?
> >
> > Thanks,
> > Ludo=E2=80=99.
>
--=20
Met vriendelijke groet,
Rick Huijzer
--00000000000002486005e5e1b735
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Hi Roman and Ludo,<div><div><br></div><div>It seems that x=
screensaver-auth needs to be setuid instead of the main xscreensaver binary=
. The screen-locker-service in xorg.scm sets the provided package setuid an=
d sets the required pam configuration for the provided package. The problem=
is that the pam configuration needs to be set for xscreensaver (/etc/pam.d=
/xscreensaver) and setuid needs to be set for xscreensaver-auth.=C2=A0</div=
><div><br></div><div>Interestingly when I setuid xscreensaver-auth manually=
I run into the following when unlocking:</div><div>Aug 10 13:35:02 localho=
st unix_chkpwd[2197]: check pass; user unknown<br>Aug 10 13:35:02 localhost=
unix_chkpwd[2197]: password check failed for user (rhuijzer)<br>Aug 10 13:=
35:02 localhost xscreensaver-auth: pam_unix(xscreensaver:auth): authenticat=
ion failure; logname=3D uid=3D1000 euid=3D1000 tty=3D:0 ruser=3D rhost=3D =
=C2=A0user=3Drhuijzer<br></div><div><br></div><div>But this=C2=A0might=C2=
=A0be fixed in time by <a href=3D"https://issues.guix.gnu.org/53468">[RFC P=
ATCH] gnu: linux-pam: Change path to unix_chkpwd helper</a>.=C2=A0</div><di=
v><br></div><div>I don't know how to fix this elegantly, maybe create a=
dedicated service for xscreensaver instead of=C2=A0the standard screen-loc=
ker-service?=C2=A0</div><div><br></div><div>Thanks,</div><br><div class=3D"=
gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">Op wo 10 aug. 2022 om 09=
:14 schreef Roman Scherer <<a href=3D"mailto:roman.scherer@burningswell.=
com" target=3D"_blank">roman.scherer@HIDDEN</a>>:<br></div><bl=
ockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-lef=
t:1px solid rgb(204,204,204);padding-left:1ex"><br>
Hi Ludo and Rick,<br>
<br>
sorry for the trouble. I'm running xscreensaver on a foreign distro and=
<br>
did not notice this. Probably because somehow my screen wasn't locked,<=
br>
but still showing random screensavers.<br>
<br>
However, now that I tried the `xscreensaver-command -lock` command I see<br=
>
a dialog with a "Password initialization failed" message.<br>
<br>
The xscreensave logs also show this:<br>
<br>
xscreensaver-auth: 06:45:55: OOM: /proc/99677/oom_score_adj: Permission den=
ied<br>
xscreensaver-auth: 06:45:55:=C2=A0 =C2=A0To prevent the kernel from randoml=
y unlocking<br>
xscreensaver-auth: 06:45:55:=C2=A0 =C2=A0your screen via the out-of-memory =
killer,<br>
xscreensaver-auth: 06:45:55:=C2=A0 =C2=A0"xscreensaver-auth" must=
be setuid root.<br>
xscreensaver-auth: 06:46:06: PAM: warning: /etc/pam.d/xscreensaver does not=
exist.<br>
xscreensaver-auth: 06:46:06: PAM: password authentication is unlikely to wo=
rk.<br>
xscreensaver-auth: 06:46:15: PAM: warning: /etc/pam.d/xscreensaver does not=
exist.<br>
xscreensaver-auth: 06:46:15: PAM: password authentication is unlikely to wo=
rk.<br>
<br>
When the dialog popped up, I had to switch to a terminal and kill<br>
xscreensaver to be able to access my desktop again.<br>
<br>
Should we revert it, until we figured out what's necesarry to get this<=
br>
working again?<br>
<br>
r0man<br>
<br>
Ludovic Court=C3=A8s <<a href=3D"mailto:ludo@HIDDEN" target=3D"_blank">=
ludo@HIDDEN</a>> writes:<br>
<br>
> Hi Rick,<br>
><br>
> Rick Huijzer <<a href=3D"mailto:ikbenrickhuyzer@HIDDEN" target=
=3D"_blank">ikbenrickhuyzer@HIDDEN</a>> skribis:<br>
><br>
>> The latest xscreensaver patch <<a href=3D"https://issues.guix.g=
nu.org/56597" rel=3D"noreferrer" target=3D"_blank">https://issues.guix.gnu.=
org/56597</a>> rendered<br>
>> xscreensaver unusable on my systems. When I try to unlock my scree=
n I am<br>
>> greeted with the message 'xscreensaver: don't login as roo=
t', even though I<br>
>> don't invoke it as root.<br>
>><br>
>><br>
>> $xscreensaver-command -lock<br>
>> Aug=C2=A0 9 08:45:22 localhost shepherd[1]: [slim] xscreensaver-gf=
x: 08:45:22:<br>
>> 1: running as root: not launching hacks.<br>
>> Aug=C2=A0 9 09:10:29 localhost shepherd[1]: [slim] xscreensaver-co=
mmand: locking<br>
>> Aug=C2=A0 9 09:10:32 localhost shepherd[1]: [slim] xscreensaver-gf=
x: 09:10:32:<br>
>> 0: running as root: not launching hacks.<br>
>><br>
>> When I remove the<br>
>> (screen-locker-service xscreensaver)<br>
>> I run into all kinds of set-uid problems.<br>
><br>
> Sorry about that, I built it during review but did not actually run it=
.<br>
><br>
> One effect of =E2=80=98screen-locker-service=E2=80=99 is to make the p=
rogram setuid-root<br>
> so that it can authenticate users.=C2=A0 It would seem that something =
changed<br>
> in xscreensaver in that area; quoth =E2=80=98driver/subprocs.c=E2=80=
=99:<br>
><br>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0if (getuid() =3D=3D (uid_t) 0 || geteuid() =
=3D=3D (uid_t) 0)<br>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0/* Prior to XScreenSaver 6, if runnin=
g as root, we would change the<br>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 effective uid to the user &qu=
ot;nobody" or "daemon" or "noaccess",<br>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 but even that was just encour=
aging bad behavior.=C2=A0 Don't log in<br>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 as root. */<br>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0{<br>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0fprintf (stderr, "%s: %d:=
running as root: not launching hacks.\n",<br>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 b=
lurb(), ssi->number);<br>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0screenhack_obituary (ssi, &quo=
t;", "XScreenSaver: Don't log in as root.");<br>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0goto DONE;<br>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0}<br>
><br>
> OTOH the =E2=80=98disavow_privileges=E2=80=99 function is supposed to =
drop root<br>
> privileges early on.<br>
><br>
> So I=E2=80=99m not sure how it=E2=80=99s supposed to be run.=C2=A0 R0m=
an, ideas?<br>
><br>
> Thanks,<br>
> Ludo=E2=80=99.<br>
</blockquote></div></div></div><br clear=3D"all"><div><br></div>-- <br><div=
dir=3D"ltr"><div dir=3D"ltr"><div><div dir=3D"ltr">Met vriendelijke groet,=
<div><br></div><div>Rick Huijzer</div><div><br></div></div></div></div></di=
v>
--00000000000002486005e5e1b735--
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.