Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[HOW-TO] xscreensavers for user "root"
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Unsupported Software
View previous topic :: View next topic  
Author Message
pappy_mcfae
Watchman
Watchman


Joined: 27 Dec 2007
Posts: 5911
Location: Pomona, California.

PostPosted: Thu May 08, 2008 11:06 pm    Post subject: [HOW-TO] xscreensavers for user "root" Reply with quote

HOW-TO trick xscreensaver into working for those who log in as root user.

WARNING!

This document effectively tells you how to open a security hole in your system. A brief reading of the source code lets you know this in no uncertain terms. Therefore, if you decide to use the info contained in this document, you do so at your own risk. If you assess your risk to be minimal, and you desire the functionality of screen savers in your non-KDE windows manager, like XFCE perhaps, then this document is for you.

You assume total responsibility for any havoc this hack may wreak upon your system. Of course, if you operate as the root user, that's a risk anyway, so you're probably already aware of the risks. It is therefore assumed that from this point forward, you are fully aware there are risks involved with this operation, and no one is forcing you to do anything; even to read this document. By proceeding, you accept any and all consequences that may befall your system as a result of the actions described herein. Do not use this on a production system!

YOU HAVE BEEN WARNED!

Ok, now that we've got that out of the way, let's get down to the nitty-gritty.

Preparation:

1) Copy the version of xscreensaver (using xscreensaver-5.05 for this example) you wish to hack from your distfiles; most likely /usr/portage/distfiles, into a working directory.

2) Decompress the archive.

3) Copy the patch files from /usr/portage/x11-misc/xscreensaver/files into the extracted source directory.

4) Apply patches.

Hacking:

You are now ready to hack the source code. You will be concerned with only two files: /<src_dir>/driver/exec.c and /<src_dir>/driver/setuid.c. I don't know much about making patches, so if someone can make a patch out of this, please post it in this thread. Thanks

1) exec.c. It is there that the root user rejection lies. It is easily commented out.

Starting on line 187

BEFORE:
Code:
  hairy_p = !!strpbrk (command, "*?$&!<>[];`'\\\"=");
  /* note: = is in the above because of the sh syntax "FOO=bar cmd". */

  if (getuid() == (uid_t) 0 || geteuid() == (uid_t) 0)
    {
      /* If you're thinking of commenting this out, think again.
         If you do so, you will open a security hole.  Mail jwz
         so that he may enlighten you as to the error of your ways.
       */
      fprintf (stderr, "%s: we're still running as root!  Disaster!\n",
               blurb());
      exit (-1);


AFTER:
Code:
  hairy_p = !!strpbrk (command, "*?$&!<>[];`'\\\"=");
  /* note: = is in the above because of the sh syntax "FOO=bar cmd". */

  if (getuid() == (uid_t) 0 || geteuid() == (uid_t) 0)
    {
      /* If you're thinking of commenting this out, think again.
         If you do so, you will open a security hole.  Mail jwz
         so that he may enlighten you as to the error of your ways.
       
      fprintf (stderr, "%s: we're still running as root!  Disaster!\n",
               blurb());
      exit (-1);*/


2) setuid.c Don't let the red herrings fool you. There are only a few numbers that need to be changed, literally zeroes and ones. I simply change the forbidden user to user 1. Now the root user is no longer forbidden.

Starting at line 255.

BEFORE:
Code:
  {
    uid_t euid = geteuid();
    gid_t egid = getegid();
    uid_t uid = getuid();
    gid_t gid = getgid();

    si->orig_uid = strdup (uid_gid_string (euid, egid));

    if (uid != euid || gid != egid)
      if (set_ids_by_number (uid, gid, &si->uid_message) != 0)
   saver_exit (si, 1, 0);
  }


AFTER:
Code:
  {
    uid_t euid = geteuid();
    gid_t egid = getegid();
    uid_t uid = getuid();
    gid_t gid = getgid();

    si->orig_uid = strdup (uid_gid_string (euid, egid));

    if (uid != euid || gid != egid)
      if (set_ids_by_number (uid, gid, &si->uid_message) != 1)
   saver_exit (si, 1, 0);
  }


Once again, offer a bogus user ID that isn't 0

Starting at line 278

BEFORE:
Code:
  if (getuid() == (uid_t) 0)
    {
      si->locking_disabled_p = True;
      si->nolock_reason = "running as root";
    }


AFTER:
Code:
  if (getuid() == (uid_t) 1)
    {
      si->locking_disabled_p = True;
      si->nolock_reason = "running as root";
    }


Why stop there? If we're going, go all the way. I haven't tried this to see if it works. I don't lock my screen savers. Any feedback is appreciated. Allow locking for root.

Starting at line 297

BEFORE:
Code:
 if (getuid() == (uid_t) 0)
    {
      struct passwd *p;

      p = getpwnam ("nobody");
      if (! p) p = getpwnam ("noaccess");
      if (! p) p = getpwnam ("daemon");
      if (! p)
   {


AFTER:
Code:
if (getuid() == (uid_t) 1)
    {
      struct passwd *p;

      p = getpwnam ("nobody");
      if (! p) p = getpwnam ("noaccess");
      if (! p) p = getpwnam ("daemon");
      if (! p)
   {


And finally, I finish out the lie in grand style.

Starting at line 329

BEFORE:
Code:
  {
    uid_t uid = getuid ();      /* get it again */
    struct passwd *p = getpwuid (uid);   /* get it again */

    if (!p ||
   uid == (uid_t)  0 ||
   uid == (uid_t) -1 ||
   uid == (uid_t) -2 ||
   p->pw_uid == (uid_t)  0 ||
   p->pw_uid == (uid_t) -1 ||
   p->pw_uid == (uid_t) -2 ||
   !p->pw_name ||
   !*p->pw_name ||
   !strcmp (p->pw_name, "root") ||
   !strcmp (p->pw_name, "nobody") ||
   !strcmp (p->pw_name, "noaccess") ||
   !strcmp (p->pw_name, "operator") ||
   !strcmp (p->pw_name, "daemon") ||
   !strcmp (p->pw_name, "bin") ||
   !strcmp (p->pw_name, "adm") ||
   !strcmp (p->pw_name, "sys") ||
   !strcmp (p->pw_name, "games"))
      {
   static char buf [1024];
   sprintf (buf, "running as %.100s",
       (p && p->pw_name && *p->pw_name
        ? p->pw_name : "<unknown>"));
   si->nolock_reason = buf;
   si->locking_disabled_p = True;
   si->dangerous_uid_p = True;
      }
  }
}


AFTER:
Code:
  {
    uid_t uid = getuid ();      /* get it again */
    struct passwd *p = getpwuid (uid);   /* get it again */

    if (!p ||
   uid == (uid_t)  1 ||
   uid == (uid_t) -1 ||
   uid == (uid_t) -2 ||
   p->pw_uid == (uid_t)  1 ||
   p->pw_uid == (uid_t) -1 ||
   p->pw_uid == (uid_t) -2 ||
   !p->pw_name ||
   !*p->pw_name ||
   !strcmp (p->pw_name, "root") ||
   !strcmp (p->pw_name, "nobody") ||
   !strcmp (p->pw_name, "noaccess") ||
   !strcmp (p->pw_name, "operator") ||
   !strcmp (p->pw_name, "daemon") ||
   !strcmp (p->pw_name, "bin") ||
   !strcmp (p->pw_name, "adm") ||
   !strcmp (p->pw_name, "sys") ||
   !strcmp (p->pw_name, "games"))
      {
   static char buf [1024];
   sprintf (buf, "running as %.100s",
       (p && p->pw_name && *p->pw_name
        ? p->pw_name : "<unknown>"));
   si->nolock_reason = buf;
   si->locking_disabled_p = True;
   si->dangerous_uid_p = True;
      }
  }
}


Now, root user has become user 1 instead of user 0.

Compiling:

Once the code has been hacked, it's time to run configure and make. Since I wanted the xscreensaver executables to operate as though they had been compiled when the original xscreensaver package was emerged using portage, I captured the argument passed to configure.

1) Configure using the following scripts; the 32-bit version:
Code:
./configure --prefix=/usr --host=i486-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --with-x-app-defaults=/usr/share/X11/app-defaults --with-hackdir=/usr/lib/misc/xscreensaver --with-configdir=/usr/share/xscreensaver/config --x-libraries=/usr/lib --x-includes=/usr/include --with-dpms-ext --with-xf86vmode-ext --with-xf86gamma-ext --with-proc-interrupts --with-xpm --with-xshm-ext --with-xdbe-ext --enable-locking --without-kerberos --without-gle --with-gtk --with-setuid-hacks --without-login-manager --without-xinerama-ext --with-gl --with-jpeg --build=i486-pc-linux-gnu

the 64 bit version:
Code:
./configure --prefix=/usr --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --with-x-app-defaults=/usr/share/X11/app-defaults --with-hackdir=/usr/lib64/misc/xscreensaver --with-configdir=/usr/share/xscreensaver/config --x-libraries=/usr/lib64 --x-includes=/usr/include --with-dpms-ext --with-xf86vmode-ext --with-xf86gamma-ext --with-proc-interrupts --with-xpm --with-xshm-ext --with-xdbe-ext --enable-locking --without-kerberos --without-gle --with-gtk --without-setuid-hacks --without-login-manager --without-xinerama-ext --with-pam --with-gl --with-jpeg --libdir=/usr/lib64 --build=x86_64-pc-linux-gnu


2) make

3) Copy the following files to /usr/bin: /<src_dir>/driver/xscreensaver, xscreensaver-command, xscreensaver-demo, xscreensaver-demo-Gtk, and xscreensaver-getimage.

4) Start xscreensavers.

5) Enjoy!

Blessed be!
Pappy
_________________
This space left intentionally blank, except for these ASCII symbols.
Back to top
View user's profile Send private message
olivier elmekki
n00b
n00b


Joined: 29 Jan 2006
Posts: 55

PostPosted: Fri May 09, 2008 11:30 pm    Post subject: Reply with quote

Sorry but... I just can't get it. Why one may want to use xscreensaver as root?
_________________
blog : http://kikhome.net
professional site (french) : http://olivier-elmekki.com
Back to top
View user's profile Send private message
pappy_mcfae
Watchman
Watchman


Joined: 27 Dec 2007
Posts: 5911
Location: Pomona, California.

PostPosted: Sat May 10, 2008 3:47 am    Post subject: Reply with quote

Why might any user want screen savers? Should root user be denied eye candy? No, not at all. Now, those who want to operate as root user can do so with any GUI, and have screen savers. I fail to see what's so hard to fathom about that.

Blessed be!
Pappy
_________________
This space left intentionally blank, except for these ASCII symbols.
Back to top
View user's profile Send private message
bunder
Bodhisattva
Bodhisattva


Joined: 10 Apr 2004
Posts: 5213

PostPosted: Sat May 10, 2008 5:14 am    Post subject: Reply with quote

Moved from Desktop Environments to Unsupported Software.
_________________
goodbye fgo. it was nice knowing you.
Back to top
View user's profile Send private message
olivier elmekki
n00b
n00b


Joined: 29 Jan 2006
Posts: 55

PostPosted: Sat May 10, 2008 10:16 am    Post subject: Reply with quote

Quote:
Why might any user want screen savers?


You've got a point ;)

What I don't like in this is that it implies to start an X session as root (because else, the screensaver could simply be run as user). But yes, you've been enough informative about this at the very start, and maybe there are incredibly rare situations where it is necessary...

Making a patch is a quite simple process. Just get in the directory with the old source dir and the new one, and run :

Code:
diff -rNau old new > appname.patch

_________________
blog : http://kikhome.net
professional site (french) : http://olivier-elmekki.com
Back to top
View user's profile Send private message
pappy_mcfae
Watchman
Watchman


Joined: 27 Dec 2007
Posts: 5911
Location: Pomona, California.

PostPosted: Sat May 10, 2008 6:15 pm    Post subject: Reply with quote

It is my experience that those who operate as root user are sure to get some measure of abuse, assuming your distro allows you to operate as root in the first place. When I was posting in LinuxQuestions.com, anyone who admitted to, or asked questions about, or offered advice on operating as root was sure to receive all manner of flame.

Yes, there are risks inherent with operating as root. However, my point is who owns my computers; a bunch of people who didn't pay for them, don't maintain them, and don't have to dance with the devil when they go belly-up, or me? Whether I received the systems as a gift, as a barter, or whether I actually paid money to purchase them, they're my machines to do with as I please. Ayn Rand will back me up on this...well, not really, she's dead. :lol:

And yes, I understand that some people feel moved to inform me of how foolish and potentially dangerous my personal choice is in regards to having others take up the death-defying act of operating as root. And I also understand that a total n00b shouldn't take the risks I do.

But, if you look to the left of this message, you'll notice that I have achieved "Guru" status. While I'll gladly debate whether I qualify as Guru, the point remains I have more than a few years experience with Linux. While that experience has a large empty hole in the middle due to me abandoning Linux because I foolishly listened to a boss that told me there was no profit in working with free software, and Linux was a worthless passing fad, the point remains I didn't forget everything I learned the first time around.

So yes, I know the risks, and given the rest of what I deal with in a day, I'd say that worrying about whether someone is going to bring my computers crashing down is the least of them. I live and DRIVE in Dallas, Texas; in the heart of Tornado Alley and Soccer-Moms-In-SUV's-On-Cell-Phones "R" Us. I'm more scared about funnel clouds or Escalades than being root user.

Besides all that, what's the worst that can happen? I'll have to re-install Gentoo? Is that so bad considering I began using it because it was so cool to watch it compile my system? No. And even if I had to redo all of my systems, that would still be OK with me.

So, this hack is dedicated to all those who prefer to operate as root user. Whatever your reasons, you're not alone!

Blessed be!
Pappy
_________________
This space left intentionally blank, except for these ASCII symbols.
Back to top
View user's profile Send private message
pappy_mcfae
Watchman
Watchman


Joined: 27 Dec 2007
Posts: 5911
Location: Pomona, California.

PostPosted: Wed Aug 06, 2008 11:54 pm    Post subject: Reply with quote

At long last, I finally made the patch for this. It was built with xscreensaver-5.06, so it hiccups on 5.03-5.05, but it does work on all those versions.

Code:
--- /driver/exec.c   2008-07-05 06:31:59.000000000 -0500
+++ /filehold/xscreensaver-5.06-A/driver/exec.c   2008-08-05 03:55:46.000000000 -0500
@@ -191,10 +191,10 @@
       /* If you're thinking of commenting this out, think again.
          If you do so, you will open a security hole.  Mail jwz
          so that he may enlighten you as to the error of your ways.
-       */
+       
       fprintf (stderr, "%s: we're still running as root!  Disaster!\n",
                blurb());
-      exit (-1);
+      exit (-1); */
     }
 
   if (hairy_p)

--- /driver/setuid.c   2006-02-08 20:33:29.000000000 -0600
+++ /filehold/xscreensaver-5.06-A/driver/setuid.c   2008-08-05 03:59:05.000000000 -0500
@@ -261,7 +261,7 @@
     si->orig_uid = strdup (uid_gid_string (euid, egid));
 
     if (uid != euid || gid != egid)
-      if (set_ids_by_number (uid, gid, &si->uid_message) != 0)
+      if (set_ids_by_number (uid, gid, &si->uid_message) != 1)
    saver_exit (si, 1, 0);
   }
 
@@ -275,7 +275,7 @@
          of the xscreensaver manual titled "LOCKING AND ROOT LOGINS",
          and "USING XDM".
    */
-  if (getuid() == (uid_t) 0)
+  if (getuid() == (uid_t) 1)
     {
       si->locking_disabled_p = True;
       si->nolock_reason = "running as root";
@@ -294,7 +294,7 @@
          of the xscreensaver manual titled "LOCKING AND ROOT LOGINS",
          and "USING XDM".
    */
-  if (getuid() == (uid_t) 0)
+  if (getuid() == (uid_t) 1)
     {
       struct passwd *p;
 
@@ -331,10 +331,10 @@
     struct passwd *p = getpwuid (uid);   /* get it again */
 
     if (!p ||
-   uid == (uid_t)  0 ||
+   uid == (uid_t)  1 ||
    uid == (uid_t) -1 ||
    uid == (uid_t) -2 ||
-   p->pw_uid == (uid_t)  0 ||
+   p->pw_uid == (uid_t)  1 ||
    p->pw_uid == (uid_t) -1 ||
    p->pw_uid == (uid_t) -2 ||
    !p->pw_name ||
Enjoy!

Blessed be!
Pappy
_________________
This space left intentionally blank, except for these ASCII symbols.
Back to top
View user's profile Send private message
hirakendu
Guru
Guru


Joined: 24 Jan 2007
Posts: 386
Location: san diego

PostPosted: Mon Aug 11, 2008 8:54 am    Post subject: Reply with quote

Nice effort :). Should say you are just one step away from ebuild hacking :). I had been trying to get xscreensaver's working under gnome under root, but no easy way. Fortunately, I am more a kde user and its not so unforgiving to root'ers :). For a brief time I was using gnome, I used kdesktop_lock for locking screen etc. Although I don't remember if the lid functionality of my notebook worked. All said, there should be a bigger fatter red warning about the consequences ;). Aside, I have been very very pleased with Ubuntu's solution to both security and ease of use - feels so much in control even as a regular user and yet pretty secure. Must say its a formidable task and perhaps more important than even package management.
_________________
Helium Sources || Gentoo Minimal Livecd
Back to top
View user's profile Send private message
pappy_mcfae
Watchman
Watchman


Joined: 27 Dec 2007
Posts: 5911
Location: Pomona, California.

PostPosted: Mon Aug 11, 2008 9:03 am    Post subject: Reply with quote

I've already hacked an ebuild. Well, actually, I hacked the source code as per a bug report, and I used that hacked source along with an ebuild that was already in use. All I did to "hack" the ebuild was to change its name. Doing that, it called my "fixed" source code, and compiled. The bug prevented compilation.

I don't know it all. I sure wish I did. However, I'm working on it. One of these days, I might even add an ebuild to portage. Wouldn't that be a total geek hoot? I know it would be for me! 8)

Blessed be!
Pappy
_________________
This space left intentionally blank, except for these ASCII symbols.
Back to top
View user's profile Send private message
kernelOfTruth
Watchman
Watchman


Joined: 20 Dec 2005
Posts: 5678
Location: Vienna, Austria; Germany; hello world :)

PostPosted: Mon Aug 11, 2008 9:35 am    Post subject: Reply with quote

*subscribes*

this might come in handy one day :P
_________________
Unofficial minimal livecd x86/amd64 w/reiser4+truecrypt (by Neo2)
2.6.37.2_plus_v1: BFS, CFS,THP,compaction, zcache or TOI
Hardcore Linux user since 2004 :D
Back to top
View user's profile Send private message
pappy_mcfae
Watchman
Watchman


Joined: 27 Dec 2007
Posts: 5911
Location: Pomona, California.

PostPosted: Sun Mar 15, 2009 8:58 am    Post subject: Reply with quote

And, at long last, I debut the ebuild I made to simplify everything. It's not the best hack I've done, but it works.

Code:
# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/x11-misc/xscreensaver/xscreensaver-5.08.ebuild,v 1.3 2009/01/19 15:09:11 ssuominen Exp $

EAPI=2

inherit autotools eutils flag-o-matic multilib pam

DESCRIPTION="A modular screen saver and locker for the X Window System"
SRC_URI="http://www.jwz.org/xscreensaver/${P}.tar.gz"
HOMEPAGE="http://www.jwz.org/xscreensaver"

LICENSE="BSD"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd"
IUSE="jpeg new-login opengl pam suid xinerama"

RDEPEND="x11-libs/libXmu
   x11-libs/libXxf86vm
   x11-libs/libXrandr
   x11-libs/libXxf86misc
   x11-libs/libXt
   x11-libs/libX11
   x11-libs/libXext
   x11-apps/xwininfo
   x11-apps/appres
   media-libs/netpbm
   >=dev-libs/libxml2-2.5
   >=x11-libs/gtk+-2
   >=gnome-base/libglade-1.99
   pam? ( virtual/pam )
   jpeg? ( media-libs/jpeg )
   opengl? ( virtual/opengl )
   xinerama? ( x11-libs/libXinerama )
   new-login? ( gnome-base/gdm )"
DEPEND="${RDEPEND}
   x11-proto/xf86vidmodeproto
   x11-proto/xextproto
   x11-proto/scrnsaverproto
   x11-proto/recordproto
   x11-proto/xf86miscproto
   sys-devel/bc
   dev-util/pkgconfig
   sys-devel/gettext
   dev-util/intltool
   xinerama? ( x11-proto/xineramaproto )"

src_prepare() {
   EPATCH_SUFFIX="patch" epatch "${FILESDIR}"/${PV}
   patch -p1 < "${FILESDIR}"/5.07/03_xscreensaver_root_uid_hack.patch
   eautoreconf #113681
}

src_configure() {
   unset BC_ENV_ARGS #24568

   econf \
      --with-x-app-defaults=/usr/share/X11/app-defaults \
      --with-hackdir=/usr/$(get_libdir)/misc/${PN} \
      --with-configdir=/usr/share/${PN}/config \
      --x-libraries=/usr/$(get_libdir) \
      --x-includes=/usr/include \
      --with-dpms-ext \
      --with-xf86vmode-ext \
      --with-xf86gamma-ext \
      --with-randr-ext \
      --with-proc-interrupts \
      --with-xshm-ext \
      --with-xdbe-ext \
      --enable-locking \
      --without-kerberos \
      --without-gle \
      --with-gtk \
      --with-pixbuf \
      --with-text-file=/etc/gentoo-release \
      $(use_with suid setuid-hacks) \
      $(use_with new-login login-manager) \
      $(use_with xinerama xinerama-ext) \
      $(use_with pam) \
      $(use_with opengl gl) \
      $(use_with jpeg)
}

src_compile() {
   if use ppc || use ppc64; then
      # Still fails to build "flurry" screensaver.
      filter-flags -mabi=altivec
      filter-flags -maltivec
      append-flags -U__VEC__
   fi

   emake -j1 || die "emake failed." #155049
}

src_install() {
   emake install_prefix="${D}" install || die "emake install failed."
   dodoc README{,.hacking}

   use pam && fperms 755 /usr/bin/${PN}
   pamd_mimic_system ${PN} auth

   # Collision with electricsheep, bug 135549
   rm -f "${D}"/usr/share/${PN}/config/{electricsheep,fireflies}.xml
}


The patch file is the one posted above this ebuild. It sure beats patching and compiling the old-fashioned way.

Blessed be!
Pappy
_________________
This space left intentionally blank, except for these ASCII symbols.
Back to top
View user's profile Send private message
desultory
Administrator
Administrator


Joined: 04 Nov 2005
Posts: 7943

PostPosted: Tue Mar 17, 2009 5:22 am    Post subject: Reply with quote

Split off "Security debate: to root or not to root?".
Back to top
View user's profile Send private message
hirakendu
Guru
Guru


Joined: 24 Jan 2007
Posts: 386
Location: san diego

PostPosted: Thu Mar 26, 2009 7:33 am    Post subject: Reply with quote

Almost forgot about this effort. Meanwhile, on a related note, for those using gnome, I have a modified gnome-session ebuild that disables the warning message when logging in as root and a modified gnome-screensaver ebuild that allows to lock screen when logged in as root. (Do create a desktop-lock-icon.) The ebuilds are in this portage archive. I used to use 'kdesktop_lock --forcelock' with kde 3.5, but in kde4, it has been replaced with '/usr/lib/kde4/libexec/krunner_lock --forcelock'.

While your xscreensaver patch is apparently benign and just disables the uid==0 check, it is simpler and safer to do with gnome-screensaver (patch only at one place) if using gnome, and possibly much safer if using kde and krunner_lock.

Meanwhile, I believe security is an important issue, but so is ease-of-use. I believe Ubuntu has done a great job of balancing the both and hope the 'enhancements' are included upstream and/or other distros too.

Btw, do I find lesser and lesser screensavers in xscreensaver package these days? I don't see lorenz and euphoria (fortunately the kde versions are still present). Flurry was absent in Ubuntu 8.10, but still there in Gentoo fortunately.
_________________
Helium Sources || Gentoo Minimal Livecd
Back to top
View user's profile Send private message
kernelOfTruth
Watchman
Watchman


Joined: 20 Dec 2005
Posts: 5678
Location: Vienna, Austria; Germany; hello world :)

PostPosted: Thu Feb 25, 2010 8:43 pm    Post subject: Reply with quote

no need for xscreensaver and complicated hacking :idea:

xscreensaver purposely was bereft from root-support, so emerge xlockmore and use that one instead :wink:

I don't often have to lock my screen when logged on as root - mostly only when restoring a system and copying large amounts of data to get the system ready for work again, so xlock is the ideal solution for me
_________________
Unofficial minimal livecd x86/amd64 w/reiser4+truecrypt (by Neo2)
2.6.37.2_plus_v1: BFS, CFS,THP,compaction, zcache or TOI
Hardcore Linux user since 2004 :D
Back to top
View user's profile Send private message
kernelOfTruth
Watchman
Watchman


Joined: 20 Dec 2005
Posts: 5678
Location: Vienna, Austria; Germany; hello world :)

PostPosted: Fri Jun 13, 2014 3:07 pm    Post subject: Reply with quote

anyone still using xscreensaver as root ?


sometimes I'm loggin into Xfce4 as root (via slim) to export the ZFS zpools and then suspend the box via the "Applications Menu"

but there's no screensaver active

so this is a big security risk not being able to run any screensaver


or are there alternatives ?
_________________
Unofficial minimal livecd x86/amd64 w/reiser4+truecrypt (by Neo2)
2.6.37.2_plus_v1: BFS, CFS,THP,compaction, zcache or TOI
Hardcore Linux user since 2004 :D
Back to top
View user's profile Send private message
Ant P.
Advocate
Advocate


Joined: 18 Apr 2009
Posts: 2303
Location: UK

PostPosted: Fri Jun 20, 2014 10:32 pm    Post subject: Reply with quote

Wouldn't it be simpler to make /usr/bin/xscreensaver a wrapper script that runs the real binary as a non-root user? The objective here is to get it to run while logged in as root, not necessarily to get it to run as root itself.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Unsupported Software All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum