bug#57071: Xscreensaver not working since latest patch

[Roman Scherer <roman.scherer@burningswell.com>]

[-- Attachment #1: Type: text/plain, Size: 3176 bytes --]


Hi Ludo and Rick,

sorry for the trouble. I'm running xscreensaver on a foreign distro and
did not notice this. Probably because somehow my screen wasn't locked,
but still showing random screensavers.

However, now that I tried the `xscreensaver-command -lock` command I see
a dialog with a "Password initialization failed" message.

The xscreensave logs also show this:

xscreensaver-auth: 06:45:55: OOM: /proc/99677/oom_score_adj: Permission denied
xscreensaver-auth: 06:45:55:   To prevent the kernel from randomly unlocking
xscreensaver-auth: 06:45:55:   your screen via the out-of-memory killer,
xscreensaver-auth: 06:45:55:   "xscreensaver-auth" must be setuid root.
xscreensaver-auth: 06:46:06: PAM: warning: /etc/pam.d/xscreensaver does not exist.
xscreensaver-auth: 06:46:06: PAM: password authentication is unlikely to work.
xscreensaver-auth: 06:46:15: PAM: warning: /etc/pam.d/xscreensaver does not exist.
xscreensaver-auth: 06:46:15: PAM: password authentication is unlikely to work.

When the dialog popped up, I had to switch to a terminal and kill
xscreensaver to be able to access my desktop again.

Should we revert it, until we figured out what's necesarry to get this
working again?

r0man

Ludovic Courtès <ludo@gnu.org> writes:

> Hi Rick,
>
> Rick Huijzer <ikbenrickhuyzer@gmail.com> skribis:
>
>> The latest xscreensaver patch <https://issues.guix.gnu.org/56597> rendered
>> xscreensaver unusable on my systems. When I try to unlock my screen I am
>> greeted with the message 'xscreensaver: don't login as root', even though I
>> don't invoke it as root.
>>
>>
>> $xscreensaver-command -lock
>> Aug  9 08:45:22 localhost shepherd[1]: [slim] xscreensaver-gfx: 08:45:22:
>> 1: running as root: not launching hacks.
>> Aug  9 09:10:29 localhost shepherd[1]: [slim] xscreensaver-command: locking
>> Aug  9 09:10:32 localhost shepherd[1]: [slim] xscreensaver-gfx: 09:10:32:
>> 0: running as root: not launching hacks.
>>
>> When I remove the
>> (screen-locker-service xscreensaver)
>> I run into all kinds of set-uid problems.
>
> Sorry about that, I built it during review but did not actually run it.
>
> One effect of ‘screen-locker-service’ is to make the program setuid-root
> so that it can authenticate users.  It would seem that something changed
> in xscreensaver in that area; quoth ‘driver/subprocs.c’:
>
>       if (getuid() == (uid_t) 0 || geteuid() == (uid_t) 0)
>         /* Prior to XScreenSaver 6, if running as root, we would change the
>            effective uid to the user "nobody" or "daemon" or "noaccess",
>            but even that was just encouraging bad behavior.  Don't log in
>            as root. */
>         {
>           fprintf (stderr, "%s: %d: running as root: not launching hacks.\n",
>                    blurb(), ssi->number);
>           screenhack_obituary (ssi, "", "XScreenSaver: Don't log in as root.");
>           goto DONE;
>         }
>
> OTOH the ‘disavow_privileges’ function is supposed to drop root
> privileges early on.
>
> So I’m not sure how it’s supposed to be run.  R0man, ideas?
>
> Thanks,
> Ludo’.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 528 bytes --]