Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
Joe == Joe Marcus Clarke [EMAIL PROTECTED] writes:

[snipped]

Joe> The setuid privileges are dropped once initialization is done since GTK+
Joe> apps cannot run set[ug]id. If they could, or if gnome-screensaver-dialog
Joe> was not a GTK+ app, this wouldn't be a problem.

Thanks for the explanation, but I've a little doubt here, I saw implementation of gtk_init_with_args()[1]. So I also noticed that it checks for calling process to be set{uid,gid} and terminates if it is. So, even if application drops superuser privileges before gtk_init_with_args(), then how is it able to access /etc/passwd.master?

References:
[1] - http://svn.gnome.org/viewvc/gtk%2B/trunk/gtk/gtkmain.c?revision=19481view=markup

TIA
--
Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/
·-- ·- ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
On Sun, Apr 06, 2008 at 01:51:13PM -0400, Joe Marcus Clarke wrote:
> On Sun, 2008-04-06 at 23:07 +0530, Ashish Shukla आशीष शुक्ल wrote:
> > Joe Marcus Clarke writes:
> >
> > Joe> On Sun, 2008-04-06 at 15:59 +0530, Ashish Shukla आशीष शुक्ल wrote:
> > >> Hi,
> > >> Whenever I try to unlock my screen, locked using gnome-screensaver, it doesn't accept my password, rejects with Incorrect password. I'm running x11/gnome-screensaver-2.22.1. Any ideas what is causing this? And BtW, I've compiled gnome-screensaver-2.22.1 with PAM support. During password verification, there is some non-uniform delay (sometimes more, sometimes less). Is there anyone else experiencing this issue, hmm...?
> >
> > Joe> This is typically the case when one builds gnome-screensaver with PAM
> > Joe> support, but they are currently using a PAM module which requires the
> > Joe> executable be setuid root (e.g. pam_unix). The only workaround is to
> > Joe> rebuild gnome-screensaver without PAM support, or use a different PAM
> > Joe> module which does not require root privileges.
> >
> > I've tried copying /etc/pam.d/gdm to /etc/pam.d/gnome-screensaver, but also that's of no use. Any ideas, why is that not working in spite of /usr/local/libexec/gnome-screensaver-dialog being setuid, hmm...?
>
> PAM and gnome-screensaver do not work together if you are using pam_unix. Rebuild gnome-screensaver without PAM support, and it will instead read /etc/master.passwd directly to authenticate the user. That will work.

So, is there a scenario where PAM and gnome-screensaver *do* work? If not, then why is PAM an option?

I admit that I don't fully understand PAM, but have noticed that there's a whole bunch of PAM stuff in recent FreeBSD configurations, even at the non-ports level, so I have it in gnome-screensaver, too. I thought that was just how it was supposed to be done. Therefore, whenever I mistakenly allow the screen to be locked, I have to log-in from another machine and kill the screen saver...

My FreeBSD system is physically secure, so I don't have it lock automatically when the screen saver comes on, so this only happens when I mis-mouse in the GNOME System menu. So it hasn't bothered me enough to really try debugging it, up to now. (Although I did try to remove the lock screen menu item, but the menu-editing facility did not facilitate that...)

Cheers,
--
Andrew
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
On Mon, 2008-04-07 at 16:36 +1000, Andrew Reilly wrote:
> On Sun, Apr 06, 2008 at 01:51:13PM -0400, Joe Marcus Clarke wrote:
> > On Sun, 2008-04-06 at 23:07 +0530, Ashish Shukla आशीष शुक्ल wrote:
> > > Joe Marcus Clarke writes:
> > >
> > > Joe> On Sun, 2008-04-06 at 15:59 +0530, Ashish Shukla आशीष शुक्ल wrote:
> > > >> Hi,
> > > >> Whenever I try to unlock my screen, locked using gnome-screensaver, it doesn't accept my password, rejects with Incorrect password. I'm running x11/gnome-screensaver-2.22.1. Any ideas what is causing this? And BtW, I've compiled gnome-screensaver-2.22.1 with PAM support. During password verification, there is some non-uniform delay (sometimes more, sometimes less). Is there anyone else experiencing this issue, hmm...?
> > >
> > > Joe> This is typically the case when one builds gnome-screensaver with PAM
> > > Joe> support, but they are currently using a PAM module which requires the
> > > Joe> executable be setuid root (e.g. pam_unix). The only workaround is to
> > > Joe> rebuild gnome-screensaver without PAM support, or use a different PAM
> > > Joe> module which does not require root privileges.
> > >
> > > I've tried copying /etc/pam.d/gdm to /etc/pam.d/gnome-screensaver, but also that's of no use. Any ideas, why is that not working in spite of /usr/local/libexec/gnome-screensaver-dialog being setuid, hmm...?
> >
> > PAM and gnome-screensaver do not work together if you are using pam_unix. Rebuild gnome-screensaver without PAM support, and it will instead read /etc/master.passwd directly to authenticate the user. That will work.
>
> So, is there a scenario where PAM and gnome-screensaver *do* work? If not, then why is PAM an option?

If you're using a PAM module which doesn't require root privileges (e.g. pam_ldap) then PAM support should work.

> I admit that I don't fully understand PAM, but have noticed that there's a whole bunch of PAM stuff in recent FreeBSD configurations, even at the non-ports level, so I have it in gnome-screensaver, too. I thought that was just how it was supposed to be done. Therefore, whenever I mistakenly allow the screen to be locked, I have to log-in from another machine and kill the screen saver...
>
> My FreeBSD system is physically secure, so I don't have it lock automatically when the screen saver comes on, so this only happens when I mis-mouse in the GNOME System menu. So it hasn't bothered me enough to really try debugging it, up to now. (Although I did try to remove the lock screen menu item, but the menu-editing facility did not facilitate that...)

I filed a bug against gnome-screensaver a long time ago (see http://bugzilla.gnome.org/show_bug.cgi?id=370847). I don't see this bug ever being fixed in gnome-screensaver, though. If anyone wants to work on a setuid wrapper which can handle the PAM dialog, I would be happy to integrate it into our port. There already exists support in gnome-screensaver to handle such a wrapper, but since the non-PAM (default) configuration works for me, I haven't been bothered enough to implement this myself.

Joe

--
PGP Key : http://www.marcuscom.com/pgp.asc
Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
On Mon, Apr 07, 2008 at 04:36:51PM +1000, Andrew Reilly wrote:
> On Sun, Apr 06, 2008 at 01:51:13PM -0400, Joe Marcus Clarke wrote:
> > > Joe> This is typically the case when one builds gnome-screensaver with PAM
> > > Joe> support, but they are currently using a PAM module which requires the
> > > Joe> executable be setuid root (e.g. pam_unix). The only workaround is to
> > > Joe> rebuild gnome-screensaver without PAM support, or use a different PAM
> > > Joe> module which does not require root privileges.
> > >
> > > I've tried copying /etc/pam.d/gdm to /etc/pam.d/gnome-screensaver, but also that's of no use. Any ideas, why is that not working in spite of /usr/local/libexec/gnome-screensaver-dialog being setuid, hmm...?
> >
> > PAM and gnome-screensaver do not work together if you are using pam_unix. Rebuild gnome-screensaver without PAM support, and it will instead read /etc/master.passwd directly to authenticate the user. That will work.

Just to add a bit more noise to this discussion: I've just re-configured gnome-screensaver to not use PAM, and re-installed. When doing so, I discovered that this installs gnome-screensaver-dialog, which is setuid root. Clearly, that's necessary in order to look at master.passwd directly. Isn't the same setuid-root done when PAM is involved?

Cheers,
--
Andrew
Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
On Mon, 2008-04-07 at 17:07 +1000, Andrew Reilly wrote:
> On Mon, Apr 07, 2008 at 04:36:51PM +1000, Andrew Reilly wrote:
> > On Sun, Apr 06, 2008 at 01:51:13PM -0400, Joe Marcus Clarke wrote:
> > > > Joe> This is typically the case when one builds gnome-screensaver with PAM
> > > > Joe> support, but they are currently using a PAM module which requires the
> > > > Joe> executable be setuid root (e.g. pam_unix). The only workaround is to
> > > > Joe> rebuild gnome-screensaver without PAM support, or use a different PAM
> > > > Joe> module which does not require root privileges.
> > > >
> > > > I've tried copying /etc/pam.d/gdm to /etc/pam.d/gnome-screensaver, but also that's of no use. Any ideas, why is that not working in spite of /usr/local/libexec/gnome-screensaver-dialog being setuid, hmm...?
> > >
> > > PAM and gnome-screensaver do not work together if you are using pam_unix. Rebuild gnome-screensaver without PAM support, and it will instead read /etc/master.passwd directly to authenticate the user. That will work.
>
> Just to add a bit more noise to this discussion: I've just re-configured gnome-screensaver to not use PAM, and re-installed. When doing so, I discovered that this installs gnome-screensaver-dialog, which is setuid root. Clearly, that's necessary in order to look at master.passwd directly. Isn't the same setuid-root done when PAM is involved?

The setuid privileges are dropped once initialization is done since GTK+ apps cannot run set[ug]id. If they could, or if gnome-screensaver-dialog was not a GTK+ app, this wouldn't be a problem. That's why a wrapper that actually does the PAM dialog would work here.

Linux, on the other hand, includes a setuid tool with Linux PAM which does the privileged work for pam_unix. This means that none of their login apps need to be setuid root.

Joe

--
PGP Key : http://www.marcuscom.com/pgp.asc
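
The ordering discussed in the message above (read the password entry while still setuid, then give up the privileges before toolkit initialization), sketched as an added C example. It is not code from gnome-screensaver or from anyone in this thread; the function names are hypothetical and it assumes a binary installed setuid root.

```c
/* Added example: privileged read first, permanent privilege drop second.
 * Assumes the binary is installed setuid root; all names are hypothetical. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* The kind of test a toolkit can apply at init time: nonzero while the
 * effective ids still differ from the real ones. */
int running_setugid(void)
{
    return geteuid() != getuid() || getegid() != getgid();
}

/* Step 1 (still privileged): copy the invoking user's password field.
 * On FreeBSD the hash from /etc/master.passwd is only returned when the
 * effective uid is 0; an unprivileged caller gets a placeholder instead. */
int fetch_own_hash(char *out, size_t outlen)
{
    struct passwd *pw = getpwuid(getuid());

    if (outlen == 0 || pw == NULL || pw->pw_passwd == NULL)
        return -1;
    if (strlen(pw->pw_passwd) >= outlen)
        return -1;                       /* never truncate a hash */
    strcpy(out, pw->pw_passwd);
    return 0;
}

/* Step 2: give up the setuid identity for good and verify it. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setgid(rgid) != 0)               /* group first, while euid is still 0 */
        return -1;
    if (setuid(ruid) != 0)               /* from euid 0 this also resets the saved uid */
        return -1;
    if (ruid != 0 && setuid(0) == 0)     /* regaining root must now fail */
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    return 0;
}

int main(void)
{
    char hash[256] = "";
    int have_hash = (fetch_own_hash(hash, sizeof hash) == 0);

    if (drop_privileges() != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 1;
    }
    /* Only from here on would the toolkit be initialized and the dialog shown;
     * the typed password is later checked against the copy held in 'hash'. */
    printf("hash copied: %s, still setugid: %s\n",
           have_hash ? "yes" : "no", running_setugid() ? "yes" : "no");
    memset(hash, 0, sizeof hash);
    return 0;
}
```

With this ordering the hash is already in memory when the privileges go away, which is why the non-PAM build can authenticate; a PAM module that opens the password database only when authentication is requested runs after the drop and is refused.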
x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
Hi,

Whenever I try to unlock my screen, locked using gnome-screensaver, it doesn't accept my password, rejects with Incorrect password. I'm running x11/gnome-screensaver-2.22.1. Any ideas what is causing this? And BtW, I've compiled gnome-screensaver-2.22.1 with PAM support. During password verification, there is some non-uniform delay (sometimes more, sometimes less). Is there anyone else experiencing this issue, hmm...?

TIA
--
Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/
·-- ·- ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
Ashish Shukla आशीष शुक्ल writes:
> Hi,
>
> Whenever I try to unlock my screen, locked using gnome-screensaver, it doesn't accept my password, rejects with Incorrect password. I'm running x11/gnome-screensaver-2.22.1. Any ideas what is causing this? And BtW, I've compiled gnome-screensaver-2.22.1 with PAM support. During password verification, there is some non-uniform delay (sometimes more, sometimes less). Is there anyone else experiencing this issue, hmm...?
>
> TIA

I second it. But not just with 2.22.1; I first met with this in 2.18. There is no difference if I build it with or without PAM support.
Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
R == R Mahmatkhanov [EMAIL PROTECTED] writes:

R> Ashish Shukla आशीष शुक्ल writes:
>> Hi,
>>
>> Whenever I try to unlock my screen, locked using gnome-screensaver, it doesn't accept my password, rejects with Incorrect password. I'm running x11/gnome-screensaver-2.22.1. Any ideas what is causing this? And BtW, I've compiled gnome-screensaver-2.22.1 with PAM support. During password verification, there is some non-uniform delay (sometimes more, sometimes less). Is there anyone else experiencing this issue, hmm...?
>>
>> TIA

R> I second it. But not just with 2.22.1; I first met with this
R> in 2.18. There is no difference if I build it with or without PAM support.

Any hacks or workarounds against this that you are aware of? Did you submit any PR related to this?

Thanks
--
Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/
·-- ·- ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
On Sun, 2008-04-06 at 15:59 +0530, Ashish Shukla आशीष शुक्ल wrote:
> Hi,
>
> Whenever I try to unlock my screen, locked using gnome-screensaver, it doesn't accept my password, rejects with Incorrect password. I'm running x11/gnome-screensaver-2.22.1. Any ideas what is causing this? And BtW, I've compiled gnome-screensaver-2.22.1 with PAM support. During password verification, there is some non-uniform delay (sometimes more, sometimes less). Is there anyone else experiencing this issue, hmm...?

This is typically the case when one builds gnome-screensaver with PAM support, but they are currently using a PAM module which requires the executable be setuid root (e.g. pam_unix). The only workaround is to rebuild gnome-screensaver without PAM support, or use a different PAM module which does not require root privileges.

Joe

--
PGP Key : http://www.marcuscom.com/pgp.asc
Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
On Sun, 06 Apr 2008 07:06:48 -0500, R.Mahmatkhanov [EMAIL PROTECTED] wrote:
> Ashish Shukla आशीष शुक्ल writes:
> > Hi,
> >
> > Whenever I try to unlock my screen, locked using gnome-screensaver, it doesn't accept my password, rejects with Incorrect password. I'm running x11/gnome-screensaver-2.22.1. Any ideas what is causing this? And BtW, I've compiled gnome-screensaver-2.22.1 with PAM support. During password verification, there is some non-uniform delay (sometimes more, sometimes less). Is there anyone else experiencing this issue, hmm...?
> >
> > TIA
>
> I second it. But not just with 2.22.1; I first met with this in 2.18. There is no difference if I build it with or without PAM support.

I can't reproduce your problem without PAM support. I don't use PAM, so it works great here with default setup to unlock screen.

Cheers,
Mezz

--
[EMAIL PROTECTED] - [EMAIL PROTECTED]
FreeBSD GNOME Team
http://www.FreeBSD.org/gnome/ - [EMAIL PROTECTED]
Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
Joe Marcus Clarke writes:

Joe> On Sun, 2008-04-06 at 15:59 +0530, Ashish Shukla आशीष शुक्ल wrote:
>> Hi,
>>
>> Whenever I try to unlock my screen, locked using gnome-screensaver, it doesn't accept my password, rejects with Incorrect password. I'm running x11/gnome-screensaver-2.22.1. Any ideas what is causing this? And BtW, I've compiled gnome-screensaver-2.22.1 with PAM support. During password verification, there is some non-uniform delay (sometimes more, sometimes less). Is there anyone else experiencing this issue, hmm...?

Joe> This is typically the case when one builds gnome-screensaver with PAM
Joe> support, but they are currently using a PAM module which requires the
Joe> executable be setuid root (e.g. pam_unix). The only workaround is to
Joe> rebuild gnome-screensaver without PAM support, or use a different PAM
Joe> module which does not require root privileges.

I've tried copying /etc/pam.d/gdm to /etc/pam.d/gnome-screensaver, but also that's of no use. Any ideas, why is that not working in spite of /usr/local/libexec/gnome-screensaver-dialog being setuid, hmm...?

TIA
--
Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/
·-- ·- ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
Jeremy == Jeremy Messenger [EMAIL PROTECTED] writes:

[snipped]

Jeremy> I can't reproduce your problem without PAM support. I don't use
Jeremy> PAM, so it works great here with default setup to unlock screen.

If you don't use PAM, then with which password do you unlock screen, hmm...?

Thanks
Ashish Shukla
--
Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/
·-- ·- ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
On Sun, 06 Apr 2008 12:39:55 -0500, Ashish Shukla आशीष शुक्ल [EMAIL PROTECTED] wrote:
> Jeremy == Jeremy Messenger [EMAIL PROTECTED] writes:
>
> [snipped]
>
> Jeremy> I can't reproduce your problem without PAM support. I don't use
> Jeremy> PAM, so it works great here with default setup to unlock screen.
>
> If you don't use PAM, then with which password do you unlock screen, hmm...?

I believe that it reads in /etc/master.passwd instead.

Cheers,
Mezz

> Thanks
> Ashish Shukla

--
[EMAIL PROTECTED] - [EMAIL PROTECTED]
FreeBSD GNOME Team
http://www.FreeBSD.org/gnome/ - [EMAIL PROTECTED]
Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
On Sun, 2008-04-06 at 23:07 +0530, Ashish Shukla आशीष शुक्ल wrote:
> Joe Marcus Clarke writes:
>
> Joe> On Sun, 2008-04-06 at 15:59 +0530, Ashish Shukla आशीष शुक्ल wrote:
> >> Hi,
> >> Whenever I try to unlock my screen, locked using gnome-screensaver, it doesn't accept my password, rejects with Incorrect password. I'm running x11/gnome-screensaver-2.22.1. Any ideas what is causing this? And BtW, I've compiled gnome-screensaver-2.22.1 with PAM support. During password verification, there is some non-uniform delay (sometimes more, sometimes less). Is there anyone else experiencing this issue, hmm...?
>
> Joe> This is typically the case when one builds gnome-screensaver with PAM
> Joe> support, but they are currently using a PAM module which requires the
> Joe> executable be setuid root (e.g. pam_unix). The only workaround is to
> Joe> rebuild gnome-screensaver without PAM support, or use a different PAM
> Joe> module which does not require root privileges.
>
> I've tried copying /etc/pam.d/gdm to /etc/pam.d/gnome-screensaver, but also that's of no use. Any ideas, why is that not working in spite of /usr/local/libexec/gnome-screensaver-dialog being setuid, hmm...?

PAM and gnome-screensaver do not work together if you are using pam_unix. Rebuild gnome-screensaver without PAM support, and it will instead read /etc/master.passwd directly to authenticate the user. That will work.

Joe

--
PGP Key : http://www.marcuscom.com/pgp.asc
Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
Jeremy Messenger writes:
> On Sun, 06 Apr 2008 07:06:48 -0500, R.Mahmatkhanov [EMAIL PROTECTED] wrote:
> > Ashish Shukla [EMAIL PROTECTED] writes:
> > > Hi,
> > >
> > > Whenever I try to unlock my screen, locked using gnome-screensaver, it doesn't accept my password, rejects with Incorrect password. I'm running x11/gnome-screensaver-2.22.1. Any ideas what is causing this? And BtW, I've compiled gnome-screensaver-2.22.1 with PAM support. During password verification, there is some non-uniform delay (sometimes more, sometimes less). Is there anyone else experiencing this issue, hmm...?
> > >
> > > TIA
> >
> > I second it. But not just with 2.22.1; I first met with this in 2.18. There is no difference if I build it with or without PAM support.
>
> I can't reproduce your problem without PAM support. I don't use PAM, so it works great here with default setup to unlock screen.

Yes, my fault. I rebuilt it with no PAM, and it is now working. Thanks! But I believe I had a negative experience with this in the past.

> Cheers,
> Mezz
Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
Jeremy == Jeremy Messenger [EMAIL PROTECTED] writes:

Jeremy> On Sun, 06 Apr 2008 12:39:55 -0500, Ashish Shukla आशीष शुक्ल
Jeremy> [EMAIL PROTECTED] wrote:
>> Jeremy == Jeremy Messenger [EMAIL PROTECTED] writes:
>>
>> [snipped]
>>
>> Jeremy> I can't reproduce your problem without PAM support. I don't use
>> Jeremy> PAM, so it works great here with default setup to unlock screen.
>>
>> If you don't use PAM, then with which password do you unlock screen, hmm...?

Jeremy> I believe that it reads in /etc/master.passwd instead.

Okay, thanks for the replies.

--
Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/
·-- ·- ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --