Hi suckless folks,

I have just adopted the maintenance of the suckless-tools package in Debian.
It is Debian policy to avoid setuid root binaries wherever this is possible,
so I patched slock to not demand root rights, but just check
whether the password-query commands are successful.
I also patched the Makefile to not setuid root but setgid shadow instead.

I think maybe the patch can go upstream, so I am sending it here.
Index: suckless-tools-39/slock/Makefile
===================================================================
--- suckless-tools-39.orig/slock/Makefile       2012-01-23 11:59:50.186494839 
+0100
+++ suckless-tools-39/slock/Makefile    2012-01-23 11:59:54.258583809 +0100
@@ -41,7 +41,8 @@
        @mkdir -p ${DESTDIR}${PREFIX}/bin
        @cp -f slock ${DESTDIR}${PREFIX}/bin
        @chmod 755 ${DESTDIR}${PREFIX}/bin/slock
-       @chmod u+s ${DESTDIR}${PREFIX}/bin/slock
+       @chgrp shadow ${DESTDIR}${PREFIX}/bin/slock
+       @chmod g+s ${DESTDIR}${PREFIX}/bin/slock
 
 uninstall:
        @echo removing executable file from ${DESTDIR}${PREFIX}/bin
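Review bot: the group name in `@chgrp shadow ${DESTDIR}${PREFIX}/bin/slock` is hard-coded, so `make install` aborts on any system that has no group called shadow, and on systems where that group does not own the shadow file the `g+s` bit grants nothing useful. For upstream, take the group from a Makefile variable (a hypothetical SHADOWGRP, say) that packagers can set, and keep the chgrp and `chmod g+s` lines conditional on it being set. The ordering is right as written: chgrp before `chmod g+s`, since changing the group can clear the setgid bit.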
Index: suckless-tools-39/slock/slock.c
===================================================================
--- suckless-tools-39.orig/slock/slock.c        2008-07-29 20:22:46.000000000 
+0200
+++ suckless-tools-39/slock/slock.c     2012-01-23 13:03:08.275556534 +0100
@@ -38,16 +38,17 @@
        const char *rval;
        struct passwd *pw;
 
-       if(geteuid() != 0)
-               die("slock: cannot retrieve password entry (make sure to suid 
slock)\n");
        pw = getpwuid(getuid());
+       if(!pw)
+               die("slock: cannot retrieve password entry (may you need to 
suid or sgid slock?)\n");
        endpwent();
        rval =  pw->pw_passwd;
-
-#if HAVE_SHADOW_H
+#ifdef HAVE_SHADOW_H
        {
                struct spwd *sp;
                sp = getspnam(getenv("USER"));
+               if(!sp)
+                       die("slock: cannot retrieve shadow entry (may you need 
to suid or sgid slock?)\n");
                endspent();
                rval = sp->sp_pwdp;
        }
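Review bot: the context line `sp = getspnam(getenv("USER"));` takes the account name from the environment, which the invoking user controls, and that matters more once the binary is setgid shadow. USER may be unset, which passes NULL to getspnam, or it may name a different existing account, in which case the new `if(!sp)` check passes and the lock compares against the wrong hash. Suggest `sp = getspnam(pw->pw_name);`, since pw was looked up from getuid() and is now checked just above. The hunk does not show the code after this block, so please also confirm that the shadow group is given up there once the hash has been read.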
