On 2022/03/31 18:21, Ariel Popper wrote:
> I am attempting to get Xscreensaver updated to 6.03, but as I am wholly
> inexperienced with this entire process, I have run into a snag.
>
> I am building on amd64, everything seems to build smoothly and install
> smoothly, screen blanking/unblanking, locking/unlocking is working as
> advertised. When trying to run any of the screensavers, the screen shows
> a message to not run Xscreensaver as root. As far as I know; I am not
> doing that.
xscreensaver is installed setuid root so that it can check passwords
(it does not handle the preferred BSD Authentication method).
This is why it is detecting that you run it as root.
xscreensaver 6.0 split off authentication into a separate process so
that the part running the animations doesn't need to run with the
privileges needed to check passwords (it doesn't support BSD
Authentication, the preferred method on OpenBSD, instead it does
lookups by opening the password database files itself).
Some port changes are needed to handle this change.
Not sure if it will work but you can try moving the @mode 4755/@mode
that are currently wrapping the PLIST entry for bin/xscreensaver to
libexec/xscreensaver/xscreensaver-auth instead.
Be prepared to switch to another (non-X) terminal or ssh in to kill
the process if it doesn't work.
If that change does work then also try replacing @mode 4755 with
"@group _shadow" / "@mode 2755" and adding "@group" after "@mode" as,
if that works, it will reduce the privileges needed.
(Ideally code should be written to use auth_userokay(3) as that would
be safer again, it no longer would need to access the password db
itself, just needing setgid _auth, but that's a bigger change).
No comments:
Post a Comment