Le Mon, Nov 01, 2021 at 12:15:01PM +0100, Matthieu Herrb a écrit :
> On Mon, Nov 01, 2021 at 12:00:30PM +0100, Landry Breuil wrote:
> > Le Sun, Oct 31, 2021 at 10:47:36PM +0100, Landry Breuil a écrit :
> > <snip>
> > > > > > > ** (xfce4-screensaver-dialog:72106): ERROR **: 21:36:25.353: 
> > > > > > > Failed to
> > > > > > >    connect to xfconf daemon: Cannot spawn a message bus when 
> > > > > > > setuid.
> > > > > > > 
> > > > > > > I don't know much about xfconf / dbus / setuid applications
> > > > > > > interactions, but this doesn't look like something related to 
> > > > > > > changes
> > > > > > > in base.
> > > > > > 
> > > > > > Well... iirc, nothing changed between xfconf and xfce4-screensaver 
> > > > > > since
> > > > > > months ... ? changes in credentials passing over sockets ?
> > > > > 
> > > > > The error messages comes from libgio-2.0.so.4200.14 part of glib2.
> > > > 
> > > > https://gitlab.xfce.org/apps/xfce4-screensaver/-/issues/96
> > > 
> > > well, good catch. i'll come up with something adapted from
> > > https://gitlab.alpinelinux.org/alpine/aports/-/commit/ee7f451b3a1b1bdcf1de4303369a0b8a152f4d73
> > > for bsdauth. I guess that's a regression from glib 2.70 update then, and
> > > mate-screensaver might be affected by the same issue as they share the
> > > same ancestor.
> > 
> > That still strange because xfce4-screensaver-dialog has code for
> > bsdauth, but if i try setting the binary setgid auth instead of setuid
> > root, and remove the setgroups() call, glib will still complain the
> > same, even if not setuid anymore..
> 
> But it's setgid, and while the error message only refers to setuid,
> the glib commit  makes it clear it's any kind of elevated privileges that
> make it refuse to connect.

ive looked a bit and i havent found the glib commit/MR that changed this
in 2.70... i've only found
https://gitlab.gnome.org/GNOME/glib/-/issues/2316 which doesnt talk
about gid.

> > Havent looked at mate-screensaver, but the below diff adapted from above
> > seems to work in my limited testing (eg xfce4-screensaver --debug, and
> > xflock4 in another term).
> 
> The problem I see with this approach is that it provides a tool that
> make it possible to do brute-force password checking.
> 
> I think that a solution where main screensaver process keeps the setgid
> auth bit, forks a privileged child to do the password check and
> revokes it's setgid privilege is better. But I'd like hear other
> people on this (millert@, kn@,...)

Well, i'm not going to be the one writing this code :)

> But whether glib will properly recognise that the process doesn't have
> privileges anymore is an open question before someone has looked at
> the code or tried it.

from looking at glib, it uses g_check_setuid:
https://gitlab.gnome.org/GNOME/glib/-/blob/main/gio/gdbusaddress.c#L1097
which is implemented here:
https://gitlab.gnome.org/GNOME/glib/-/blob/main/glib/gutils.c#L3013

Landry

Reply via email to