From debbugs-submit-bounces@debbugs.gnu.org Wed Aug 10 03:14:53 2022 Received: (at 57071) by debbugs.gnu.org; 10 Aug 2022 07:14:53 +0000 Received: from localhost ([127.0.0.1]:45851 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oLfvZ-0005bg-Eu for submit@debbugs.gnu.org; Wed, 10 Aug 2022 03:14:53 -0400 Received: from mail-ed1-f47.google.com ([209.85.208.47]:37555) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oLfvU-0005bP-H6 for 57071@debbugs.gnu.org; Wed, 10 Aug 2022 03:14:52 -0400 Received: by mail-ed1-f47.google.com with SMTP id b16so17897721edd.4 for <57071@debbugs.gnu.org>; Wed, 10 Aug 2022 00:14:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=burningswell-com.20210112.gappssmtp.com; s=20210112; h=mime-version:message-id:in-reply-to:date:subject:cc:to:from :user-agent:references:from:to:cc; bh=BZo3zzYEVsOvIYaT2ynHbmk4UtUudybjQgy92XDhoXY=; b=QTUMu8WzomYDLihtWEDHKVmFSNYhBTLHuAxnv3dz6UoSW9pbV+Zh2CgJIDhuZW7tLw Lsm1r7zwWEnB/Ii6gMfo0sL3CgzjHAUO+zympzkNEF0xKA/mkZ4p7E4HgAgtYglwl7bU nWI8anOkGOcXs3YVioVY+dsMoHNtwuQibLxBjVECJc3KgkTHNNNMxGjPy3tjmsdlDsx+ AjqFX3aDIW1dDIFqNgDpFKigIAPxEhZ+bv1RSRgAeZj6aIwbwjN+ZXQd2hlYVwEbYCgC FnOmCKI1vm6AC7MZgfKLL8G37zPj+bSAY0yGn3EU9GbTFG1OI/SiOIsR1PompVwYVgrD 48HA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=mime-version:message-id:in-reply-to:date:subject:cc:to:from :user-agent:references:x-gm-message-state:from:to:cc; bh=BZo3zzYEVsOvIYaT2ynHbmk4UtUudybjQgy92XDhoXY=; b=XJo2PA9pUaAumqV2X/osIuIsRJv0H+bn6zDhLsFTxkkLqNAOLeqJ4tfHo/NMKI2jBk W9fbBB3iCTSLKFKES/ukjtfm6LmgAbY9s2ahrHstX9RjADWlfWfVC3Xg6IUfMxXjupbK lLrDn0L4gOC4Q96BI07uFdI3XPtq3Mz7ASTXMTpXANL/Up0nXy/0T3a/JwnEspygZeH9 exU3zOXcdEGxECeeAilHK4Jx+tAxxHn0F3GXsxnxP2rkfKwZ5cLsUulbYKY+rT8Agcw5 MutQv4P6UoLgbOcLjeRDrQtpU9gqN7kGPmRHpfg6ll3SaTW1UBPHi4IM9rhjZDQdqwt0 fbxg== X-Gm-Message-State: ACgBeo0m5/deqEElIQLm/BaSGrY1IYUMxbBQ/2zrt8kvs359JGmNlW8Z ek6k7Znh1SBwTemEhLBF5EcJJDRjyj96yVbC X-Google-Smtp-Source: AA6agR516jFqXdF5BMNu6CktZTojFmdksi+NoCFyr9kFKy6mrOhbfclDN2GzwM8ltPhn40DLxdqjPw== X-Received: by 2002:a05:6402:1159:b0:43b:bc82:5ddb with SMTP id g25-20020a056402115900b0043bbc825ddbmr25056105edw.355.1660115682264; Wed, 10 Aug 2022 00:14:42 -0700 (PDT) Received: from precision (tmo-116-169.customers.d1-online.com. [80.187.116.169]) by smtp.gmail.com with ESMTPSA id b16-20020aa7c6d0000000b0043bb8023caesm7115463eds.62.2022.08.10.00.14.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 10 Aug 2022 00:14:41 -0700 (PDT) References: <87zggd14vh.fsf@gnu.org> User-agent: mu4e 1.8.7; emacs 28.1 From: Roman Scherer To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#57071: Xscreensaver not working since latest patch Date: Wed, 10 Aug 2022 06:37:47 +0000 In-reply-to: <87zggd14vh.fsf@gnu.org> Message-ID: <87bksstvs0.fsf@burningswell.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 57071 Cc: 57071@debbugs.gnu.org, Rick Huijzer X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Ludo and Rick, sorry for the trouble. I'm running xscreensaver on a foreign distro and did not notice this. Probably because somehow my screen wasn't locked, but still showing random screensavers. However, now that I tried the `xscreensaver-command -lock` command I see a dialog with a "Password initialization failed" message. The xscreensave logs also show this: xscreensaver-auth: 06:45:55: OOM: /proc/99677/oom_score_adj: Permission den= ied xscreensaver-auth: 06:45:55: To prevent the kernel from randomly unlocking xscreensaver-auth: 06:45:55: your screen via the out-of-memory killer, xscreensaver-auth: 06:45:55: "xscreensaver-auth" must be setuid root. xscreensaver-auth: 06:46:06: PAM: warning: /etc/pam.d/xscreensaver does not= exist. xscreensaver-auth: 06:46:06: PAM: password authentication is unlikely to wo= rk. xscreensaver-auth: 06:46:15: PAM: warning: /etc/pam.d/xscreensaver does not= exist. xscreensaver-auth: 06:46:15: PAM: password authentication is unlikely to wo= rk. When the dialog popped up, I had to switch to a terminal and kill xscreensaver to be able to access my desktop again. Should we revert it, until we figured out what's necesarry to get this working again? r0man Ludovic Court=C3=A8s writes: > Hi Rick, > > Rick Huijzer skribis: > >> The latest xscreensaver patch render= ed >> xscreensaver unusable on my systems. When I try to unlock my screen I am >> greeted with the message 'xscreensaver: don't login as root', even thoug= h I >> don't invoke it as root. >> >> >> $xscreensaver-command -lock >> Aug 9 08:45:22 localhost shepherd[1]: [slim] xscreensaver-gfx: 08:45:22: >> 1: running as root: not launching hacks. >> Aug 9 09:10:29 localhost shepherd[1]: [slim] xscreensaver-command: lock= ing >> Aug 9 09:10:32 localhost shepherd[1]: [slim] xscreensaver-gfx: 09:10:32: >> 0: running as root: not launching hacks. >> >> When I remove the >> (screen-locker-service xscreensaver) >> I run into all kinds of set-uid problems. > > Sorry about that, I built it during review but did not actually run it. > > One effect of =E2=80=98screen-locker-service=E2=80=99 is to make the prog= ram setuid-root > so that it can authenticate users. It would seem that something changed > in xscreensaver in that area; quoth =E2=80=98driver/subprocs.c=E2=80=99: > > if (getuid() =3D=3D (uid_t) 0 || geteuid() =3D=3D (uid_t) 0) > /* Prior to XScreenSaver 6, if running as root, we would change t= he > effective uid to the user "nobody" or "daemon" or "noaccess", > but even that was just encouraging bad behavior. Don't log in > as root. */ > { > fprintf (stderr, "%s: %d: running as root: not launching hacks.= \n", > blurb(), ssi->number); > screenhack_obituary (ssi, "", "XScreenSaver: Don't log in as ro= ot."); > goto DONE; > } > > OTOH the =E2=80=98disavow_privileges=E2=80=99 function is supposed to dro= p root > privileges early on. > > So I=E2=80=99m not sure how it=E2=80=99s supposed to be run. R0man, idea= s? > > Thanks, > Ludo=E2=80=99. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQFTBAEBCAA9FiEE0iajOdjfRIFd3gygPdpSUn0qwZkFAmLzWt8fHHJvbWFuLnNj aGVyZXJAYnVybmluZ3N3ZWxsLmNvbQAKCRA92lJSfSrBmaSOB/9u9HaRe7vhzC6K KYg64KiAb6+kr1f2HD5Xmxe9q7ZTGJwgwkzAe/PvcYbhKHnDIxYOUwVthNvuDIPC hyPnFepXstTGRvfwCIofm5EGWgosnRGQdbOIXHolPieX2uvTUw6ak16mwcgIH/3Y l3BGLsR5qJjIvGfOATgUbSGRHV+/qzo5bnADUb65LDUH19BNQ/TYAQp4zy+NK1RN xM3yD7qP7mYdkG21iv+6IbkGoujY9Y80IYOpdSISgmibPuQvnQxR9oh3/7aaEGuY RtDvq/7CQF1aekfD2nxFpulYliE2j4f6Wa0N32EGuNk3xuO+LoeMgYQkCP8ioeEC F79jnFLw =u4Rj -----END PGP SIGNATURE----- --=-=-=--