From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-guix-bounces+larch=yhetil.org@gnu.org>
Received: from mp12.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms5.migadu.com with LMTPS
	id 4DgULVvS8mIBUgEAbAwnHQ
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 09 Aug 2022 23:32:11 +0200
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp12.migadu.com with LMTPS
	id sK3tLFvS8mK5VgEAauVa8A
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 09 Aug 2022 23:32:11 +0200
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 77A3415485
	for <larch@yhetil.org>; Tue,  9 Aug 2022 23:32:11 +0200 (CEST)
Received: from localhost ([::1]:44032 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	id 1oLWpe-0004P4-Kb
	for larch@yhetil.org; Tue, 09 Aug 2022 17:32:10 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:41506)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1oLWpX-0004Oe-10
 for bug-guix@gnu.org; Tue, 09 Aug 2022 17:32:03 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:55579)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1oLWpW-0001tR-BR
 for bug-guix@gnu.org; Tue, 09 Aug 2022 17:32:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1oLWpW-0002XR-7D
 for bug-guix@gnu.org; Tue, 09 Aug 2022 17:32:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: bug#57071: Xscreensaver not working since latest patch
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Tue, 09 Aug 2022 21:32:02 +0000
Resent-Message-ID: <handler.57071.B57071.16600806699626@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 57071
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Rick Huijzer <ikbenrickhuyzer@gmail.com>
Cc: r0man <roman@burningswell.com>, 57071@debbugs.gnu.org
Received: via spool by 57071-submit@debbugs.gnu.org id=B57071.16600806699626
 (code B ref 57071); Tue, 09 Aug 2022 21:32:02 +0000
Received: (at 57071) by debbugs.gnu.org; 9 Aug 2022 21:31:09 +0000
Received: from localhost ([127.0.0.1]:45328 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1oLWof-0002VC-23
 for submit@debbugs.gnu.org; Tue, 09 Aug 2022 17:31:09 -0400
Received: from eggs.gnu.org ([209.51.188.92]:56784)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1oLWod-0002Ur-Fm
 for 57071@debbugs.gnu.org; Tue, 09 Aug 2022 17:31:07 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:47632)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1oLWoY-0001od-20; Tue, 09 Aug 2022 17:31:02 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=hEjpbY8zv2PmpU8WUZfxS+2BjvT9JJyrK5qVFRbKFWc=; b=eWLatwZSXh/7mvaECucM
 GxYcEV5P8rl8Y/hSlWqH5LnfLfJ5Oogq1b47XC/fxSt4kMJ5liUlzvjST7ublAsxKvp3eSMvwOj5J
 O2Tbdn5qW0AQSwiesaRfkSbSc3+fdvCa1isyl1pEVelsj5qYXD0AM1c0JOCvD5ubfdc2IIZww3/83
 AlZDpkbpE6sQ4LYb0tqh+eRpPWhdrKRsgHefV5AEijIgrWD4aCIfvnxov/VgYOgsaTPEPj6djKges
 FZSBf/9p8noDqQKxKgl7rN76hSymtaqB1gjWRieH5gJZRJMpbBZic3r07M693vkI/ZbnImxktosvI
 rf9XjQ9WUUPb9A==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:60821
 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1oLWoW-0005lg-HG; Tue, 09 Aug 2022 17:31:01 -0400
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
References: <CAGXOz9a6Kq5e69cwsHwDcDVvk1+_FMZPQN9A7kGs5F3iqbTApg@mail.gmail.com>
Date: Tue, 09 Aug 2022 23:30:58 +0200
In-Reply-To: <CAGXOz9a6Kq5e69cwsHwDcDVvk1+_FMZPQN9A7kGs5F3iqbTApg@mail.gmail.com>
 (Rick Huijzer's message of "Tue, 9 Aug 2022 10:04:17 +0200")
Message-ID: <87zggd14vh.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-guix@gnu.org
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
X-Migadu-To: larch@yhetil.org
X-Migadu-Country: US
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1660080731;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:resent-cc:
	 resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to:
	 references:references:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post:dkim-signature;
	bh=hEjpbY8zv2PmpU8WUZfxS+2BjvT9JJyrK5qVFRbKFWc=;
	b=gnD8BSMbMbLE+cNtOvMRf+DiPOr3jKkNmLGHZYEzY/gWnKY6Yl5H0aG9VaVZB+RHy3NpPf
	18iKazYdWLtAjkINb3BH0X/4dEGWq3ceBMO3jvX1DBxwqvIqs6KkVUZtGtn/Cg/KT4dpQc
	zlWX7GNvCq2uyhraGShWZqN9xpTA+SGPXRXxIajdbhPAB0uVb64AOjLYtqXgsrhH0n3/ti
	lJ8Vix1382cHyjY5a/zO+HrBuWRJJR2E/xFD22qHxcWphY21ja/b6FWpJ7s0kGhuJTnH+7
	Ds0dlQ3fE6LK180G6r/AKrZWycKnm7y3uNSdiDnI02E/BBODHet0Ot/bB+FaPg==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1660080731; a=rsa-sha256; cv=none;
	b=krYQYKUmD5QUcrNwRNWWSDVGdb6E6cmP9JRSLxqX2Z7RXtV68szK2fWefEaOlnorWblV1X
	IyNw0+xm1cThRxJUfjUcrpGMrYJy2KNt+KWrMv17Mb2YHeT2waBSgZ4tz64/zSiqPXDlEq
	lI44zimbYYaM/Ptvg2uVMvnAgkmCbyyugCi/y1mK9C04ttaTCjRk/36szd1jARWATwyxRQ
	nCoAa354y9dPDoXzUtwBpp1QgctckUfjB62huytD0DEkOG5sIV7siebDo3udVeoDDSA2VO
	PQfRQHDAL/VsSx/ZzlT2RetXstwZH/zpJJZb3ts/nlQC9a70I8mfcOfWhnvLbw==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=eWLatwZS;
	dmarc=pass (policy=none) header.from=gnu.org;
	spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Spam-Score: -3.79
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=eWLatwZS;
	dmarc=pass (policy=none) header.from=gnu.org;
	spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Queue-Id: 77A3415485
X-Spam-Score: -3.79
X-Migadu-Scanner: scn1.migadu.com
X-TUID: AQnrT2jPMfkw

Hi Rick,

Rick Huijzer <ikbenrickhuyzer@gmail.com> skribis:

> The latest xscreensaver patch <https://issues.guix.gnu.org/56597> rendered
> xscreensaver unusable on my systems. When I try to unlock my screen I am
> greeted with the message 'xscreensaver: don't login as root', even though=
 I
> don't invoke it as root.
>
>
> $xscreensaver-command -lock
> Aug  9 08:45:22 localhost shepherd[1]: [slim] xscreensaver-gfx: 08:45:22:
> 1: running as root: not launching hacks.
> Aug  9 09:10:29 localhost shepherd[1]: [slim] xscreensaver-command: locki=
ng
> Aug  9 09:10:32 localhost shepherd[1]: [slim] xscreensaver-gfx: 09:10:32:
> 0: running as root: not launching hacks.
>
> When I remove the
> (screen-locker-service xscreensaver)
> I run into all kinds of set-uid problems.

Sorry about that, I built it during review but did not actually run it.

One effect of =E2=80=98screen-locker-service=E2=80=99 is to make the progra=
m setuid-root
so that it can authenticate users.  It would seem that something changed
in xscreensaver in that area; quoth =E2=80=98driver/subprocs.c=E2=80=99:

--8<---------------cut here---------------start------------->8---
      if (getuid() =3D=3D (uid_t) 0 || geteuid() =3D=3D (uid_t) 0)
        /* Prior to XScreenSaver 6, if running as root, we would change the
           effective uid to the user "nobody" or "daemon" or "noaccess",
           but even that was just encouraging bad behavior.  Don't log in
           as root. */
        {
          fprintf (stderr, "%s: %d: running as root: not launching hacks.\n=
",
                   blurb(), ssi->number);
          screenhack_obituary (ssi, "", "XScreenSaver: Don't log in as root=
.");
          goto DONE;
        }
--8<---------------cut here---------------end--------------->8---

OTOH the =E2=80=98disavow_privileges=E2=80=99 function is supposed to drop =
root
privileges early on.

So I=E2=80=99m not sure how it=E2=80=99s supposed to be run.  R0man, ideas?

Thanks,
Ludo=E2=80=99.