Hi Ludo and Rick, sorry for the trouble. I'm running xscreensaver on a foreign distro and did not notice this. Probably because somehow my screen wasn't locked, but still showing random screensavers. However, now that I tried the `xscreensaver-command -lock` command I see a dialog with a "Password initialization failed" message. The xscreensave logs also show this: xscreensaver-auth: 06:45:55: OOM: /proc/99677/oom_score_adj: Permission denied xscreensaver-auth: 06:45:55: To prevent the kernel from randomly unlocking xscreensaver-auth: 06:45:55: your screen via the out-of-memory killer, xscreensaver-auth: 06:45:55: "xscreensaver-auth" must be setuid root. xscreensaver-auth: 06:46:06: PAM: warning: /etc/pam.d/xscreensaver does not exist. xscreensaver-auth: 06:46:06: PAM: password authentication is unlikely to work. xscreensaver-auth: 06:46:15: PAM: warning: /etc/pam.d/xscreensaver does not exist. xscreensaver-auth: 06:46:15: PAM: password authentication is unlikely to work. When the dialog popped up, I had to switch to a terminal and kill xscreensaver to be able to access my desktop again. Should we revert it, until we figured out what's necesarry to get this working again? r0man Ludovic Courtès writes: > Hi Rick, > > Rick Huijzer skribis: > >> The latest xscreensaver patch rendered >> xscreensaver unusable on my systems. When I try to unlock my screen I am >> greeted with the message 'xscreensaver: don't login as root', even though I >> don't invoke it as root. >> >> >> $xscreensaver-command -lock >> Aug 9 08:45:22 localhost shepherd[1]: [slim] xscreensaver-gfx: 08:45:22: >> 1: running as root: not launching hacks. >> Aug 9 09:10:29 localhost shepherd[1]: [slim] xscreensaver-command: locking >> Aug 9 09:10:32 localhost shepherd[1]: [slim] xscreensaver-gfx: 09:10:32: >> 0: running as root: not launching hacks. >> >> When I remove the >> (screen-locker-service xscreensaver) >> I run into all kinds of set-uid problems. > > Sorry about that, I built it during review but did not actually run it. > > One effect of ‘screen-locker-service’ is to make the program setuid-root > so that it can authenticate users. It would seem that something changed > in xscreensaver in that area; quoth ‘driver/subprocs.c’: > > if (getuid() == (uid_t) 0 || geteuid() == (uid_t) 0) > /* Prior to XScreenSaver 6, if running as root, we would change the > effective uid to the user "nobody" or "daemon" or "noaccess", > but even that was just encouraging bad behavior. Don't log in > as root. */ > { > fprintf (stderr, "%s: %d: running as root: not launching hacks.\n", > blurb(), ssi->number); > screenhack_obituary (ssi, "", "XScreenSaver: Don't log in as root."); > goto DONE; > } > > OTOH the ‘disavow_privileges’ function is supposed to drop root > privileges early on. > > So I’m not sure how it’s supposed to be run. R0man, ideas? > > Thanks, > Ludo’.