Hi Ludo and Rick, sorry for the trouble. I'm running xscreensaver on a foreign distro and did not notice this. Probably because somehow my screen wasn't locked, but still showing random screensavers.
However, now that I tried the `xscreensaver-command -lock` command I see a dialog with a "Password initialization failed" message. The xscreensave logs also show this: xscreensaver-auth: 06:45:55: OOM: /proc/99677/oom_score_adj: Permission denied xscreensaver-auth: 06:45:55: To prevent the kernel from randomly unlocking xscreensaver-auth: 06:45:55: your screen via the out-of-memory killer, xscreensaver-auth: 06:45:55: "xscreensaver-auth" must be setuid root. xscreensaver-auth: 06:46:06: PAM: warning: /etc/pam.d/xscreensaver does not exist. xscreensaver-auth: 06:46:06: PAM: password authentication is unlikely to work. xscreensaver-auth: 06:46:15: PAM: warning: /etc/pam.d/xscreensaver does not exist. xscreensaver-auth: 06:46:15: PAM: password authentication is unlikely to work. When the dialog popped up, I had to switch to a terminal and kill xscreensaver to be able to access my desktop again. Should we revert it, until we figured out what's necesarry to get this working again? r0man Ludovic Courtès <l...@gnu.org> writes: > Hi Rick, > > Rick Huijzer <ikbenrickhuy...@gmail.com> skribis: > >> The latest xscreensaver patch <https://issues.guix.gnu.org/56597> rendered >> xscreensaver unusable on my systems. When I try to unlock my screen I am >> greeted with the message 'xscreensaver: don't login as root', even though I >> don't invoke it as root. >> >> >> $xscreensaver-command -lock >> Aug 9 08:45:22 localhost shepherd[1]: [slim] xscreensaver-gfx: 08:45:22: >> 1: running as root: not launching hacks. >> Aug 9 09:10:29 localhost shepherd[1]: [slim] xscreensaver-command: locking >> Aug 9 09:10:32 localhost shepherd[1]: [slim] xscreensaver-gfx: 09:10:32: >> 0: running as root: not launching hacks. >> >> When I remove the >> (screen-locker-service xscreensaver) >> I run into all kinds of set-uid problems. > > Sorry about that, I built it during review but did not actually run it. > > One effect of ‘screen-locker-service’ is to make the program setuid-root > so that it can authenticate users. It would seem that something changed > in xscreensaver in that area; quoth ‘driver/subprocs.c’: > > if (getuid() == (uid_t) 0 || geteuid() == (uid_t) 0) > /* Prior to XScreenSaver 6, if running as root, we would change the > effective uid to the user "nobody" or "daemon" or "noaccess", > but even that was just encouraging bad behavior. Don't log in > as root. */ > { > fprintf (stderr, "%s: %d: running as root: not launching hacks.\n", > blurb(), ssi->number); > screenhack_obituary (ssi, "", "XScreenSaver: Don't log in as > root."); > goto DONE; > } > > OTOH the ‘disavow_privileges’ function is supposed to drop root > privileges early on. > > So I’m not sure how it’s supposed to be run. R0man, ideas? > > Thanks, > Ludo’.
signature.asc
Description: PGP signature
