Hi Rick, Rick Huijzer <ikbenrickhuy...@gmail.com> skribis:
> The latest xscreensaver patch <https://issues.guix.gnu.org/56597> rendered > xscreensaver unusable on my systems. When I try to unlock my screen I am > greeted with the message 'xscreensaver: don't login as root', even though I > don't invoke it as root. > > > $xscreensaver-command -lock > Aug 9 08:45:22 localhost shepherd[1]: [slim] xscreensaver-gfx: 08:45:22: > 1: running as root: not launching hacks. > Aug 9 09:10:29 localhost shepherd[1]: [slim] xscreensaver-command: locking > Aug 9 09:10:32 localhost shepherd[1]: [slim] xscreensaver-gfx: 09:10:32: > 0: running as root: not launching hacks. > > When I remove the > (screen-locker-service xscreensaver) > I run into all kinds of set-uid problems. Sorry about that, I built it during review but did not actually run it. One effect of ‘screen-locker-service’ is to make the program setuid-root so that it can authenticate users. It would seem that something changed in xscreensaver in that area; quoth ‘driver/subprocs.c’: --8<---------------cut here---------------start------------->8--- if (getuid() == (uid_t) 0 || geteuid() == (uid_t) 0) /* Prior to XScreenSaver 6, if running as root, we would change the effective uid to the user "nobody" or "daemon" or "noaccess", but even that was just encouraging bad behavior. Don't log in as root. */ { fprintf (stderr, "%s: %d: running as root: not launching hacks.\n", blurb(), ssi->number); screenhack_obituary (ssi, "", "XScreenSaver: Don't log in as root."); goto DONE; } --8<---------------cut here---------------end--------------->8--- OTOH the ‘disavow_privileges’ function is supposed to drop root privileges early on. So I’m not sure how it’s supposed to be run. R0man, ideas? Thanks, Ludo’.
