Bug#35936: marked as done (xscreensaver: a solution to run xscreensaver by xdm, keeping XAUTHORITY authentification)

Debian Bug Tracking System Wed, 21 Sep 2005 10:49:02 -0700

Your message dated Wed, 21 Sep 2005 19:44:05 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Closing oldstable bugs
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 12 Apr 1999 05:29:39 +0000
Received: (qmail 21891 invoked from network); 12 Apr 1999 05:29:39 -0000
Received: from border.groupaction.com (199.202.137.245)
  by master.debian.org with SMTP; 12 Apr 1999 05:29:39 -0000
Received: from host254.groupaction.com ([EMAIL PROTECTED] [192.168.1.254] (may 
be forged))
        by border.groupaction.com (8.8.8/8.8.8) with ESMTP id BAA20804
        for <[EMAIL PROTECTED]>; Mon, 12 Apr 1999 01:29:38 -0400 (EDT)
        (envelope-from [EMAIL PROTECTED])
Date: Mon, 12 Apr 1999 01:38:29 -0400 (EDT)
From: T_VoiD <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: xscreensaver: a solution to run xscreensaver by xdm, keeping XAUTHORITY
 authentification
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Package: xscreensaver
Version: 3.07-3
Severity: wishlist

reading "man xscreensaver", you can see the author didn't find how to keep
XAUTHORITY stuff while running xscreensaver as nobody user

I have a solution that works on my computer, I think it is secure, you
could perhaps forward this mail to the upstream author too :)

I added this at the end of /etc/X11/xdm/Xsetup_0
------------------------------------------------------------------------------
if [ -x /usr/bin/X11/xscreensaver ]; then
   XSRUN=/var/run/xscreensaver-xdm_0
   PIDFILE=/var/run/xscreensaver-xdm_0.pid
   rm -rf $XSRUN
   mkdir -m 700 $XSRUN
   mkdir -m 700 $XSRUN/xscreensaver
   cp $XAUTHORITY $XSRUN/xscreensaver/Xauthority
   chown -R nobody $XSRUN/xscreensaver
   OLDPWD=$PWD
   cd $XSRUN/xscreensaver
   XAUTHORITY=Xauthority xscreensaver -no-lock-mode -no-splash &
   echo $! >$PIDFILE
   cd $OLDPWD
fi
------------------------------------------------------------------------------
/var/run is writable only by root, so no need to check for unsecure symlinks.
The mkdir -m 700 avoids race conditions allowing somebody to jump to the
newly created directories before they are changed to secure rights.

With this, xscreensaver is run in a "trapped" directory readable only
by itself and is given a copy of the XAUTHORITY file that was just
created by xdm, allowing it to run as nobody.

now the other adds to kill xscreensaver when an user logs in (or xdm
resets):
Add at the end of /etc/X11/xdm/Xsetup_0
------------------------------------------------------------------------------
PIDFILE=/var/run/xscreensaver-xdm_0.pid
if [ -e $PIDFILE ]; then
   kill `cat $PIDFILE`
   rm -f $PIDFILE
fi
------------------------------------------------------------------------------

Add the same at the end of /etc/X11/xdm/Xreset_0 (I don't know if really
needed)
------------------------------------------------------------------------------
PIDFILE=/var/run/xscreensaver-xdm_0.pid
if [ -e $PIDFILE ]; then
   kill `cat $PIDFILE`
   rm -f $PIDFILE
fi
------------------------------------------------------------------------------

you just have to change a few names (or compute them with the DISPLAY
variable) to do the same with non local :0 xdm sessions...

Now the real problem is how to package this so it might install
automagically (after a question?) if xdm is installed... hum, I leave this
to you...


-- System Information
Debian Release: potato
Kernel Version: Linux blackhole 2.2.5-ac6 #2 Sun Apr 11 21:40:18 EDT 1999 i586 
unknown

Versions of the packages xscreensaver depends on:
ii  lesstifg        0.88.0-1       OSF/Motif implementation released under LGPL
ii  libc6           2.1.1-0.2      GNU C Library: shared libraries
hi  xlib6g          3.3.3.1-0      shared libraries required by X clients
ii  xpm4g           3.4k-1         X Pixmap run-time libraries

---------------------------------------
Received: (at 35936-close) by bugs.debian.org; 21 Sep 2005 17:44:19 +0000
>From [EMAIL PROTECTED] Wed Sep 21 10:44:19 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail.charite.de [160.45.207.131] 
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1EI8dm-0007Gk-00; Wed, 21 Sep 2005 10:44:19 -0700
Received: from localhost (localhost [127.0.0.1])
        by mail.charite.de (Postfix) with ESMTP id C89A0221115;
        Wed, 21 Sep 2005 19:44:16 +0200 (CEST)
Received: from mail.charite.de ([127.0.0.1])
 by localhost (mail.charite.de [127.0.0.1]) (amavisd-new, port 10025)
 with ESMTP id 30277-06; Wed, 21 Sep 2005 19:44:06 +0200 (CEST)
Received: from postamt.charite.de (postamt.charite.de [160.45.207.132])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (Client did not present a certificate)
        by mail.charite.de (Postfix) with ESMTP id 6419E22110D;
        Wed, 21 Sep 2005 19:44:05 +0200 (CEST)
Received: by postamt.charite.de (Postfix, from userid 7945)
        id 7D821220B91; Wed, 21 Sep 2005 19:44:05 +0200 (CEST)
Date: Wed, 21 Sep 2005 19:44:05 +0200
From: Ralf Hildebrandt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Closing oldstable bugs
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.10i
X-Virus-Scanned: amavisd-new at charite.de
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
        version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 10

Josselin and I are closing the oldstable bugs. oldstable doesn't
change except for security fixes, thus these bugs would never be fixed
anyway. 

If your bug persists in the recent xscreensaver versions in stable,
testing or unstable, then please file an appropriate bug report.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#35936: marked as done (xscreensaver: a solution to run xscreensaver by xdm, keeping XAUTHORITY authentification)

Reply via email to