19033N/A/*
19033N/A * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
19033N/A *
19033N/A * Permission is hereby granted, free of charge, to any person obtaining a
19033N/A * copy of this software and associated documentation files (the "Software"),
19033N/A * to deal in the Software without restriction, including without limitation
19033N/A * the rights to use, copy, modify, merge, publish, distribute, sublicense,
19033N/A * and/or sell copies of the Software, and to permit persons to whom the
19033N/A * Software is furnished to do so, subject to the following conditions:
19033N/A *
19033N/A * The above copyright notice and this permission notice (including the next
19033N/A * paragraph) shall be included in all copies or substantial portions of the
19033N/A * Software.
19033N/A *
19033N/A * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19033N/A * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19033N/A * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19033N/A * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19033N/A * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
19033N/A * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
19033N/A * DEALINGS IN THE SOFTWARE.
19033N/A */
19033N/A
19033N/AFix for: 4849641: xscreensaver won't run as root
19033N/A
19033N/ALet root lock the screen, but don't launch the hacks for root.
19033N/A
19033N/A(Upstream maintainer argues instead that users should not login as root,
19033N/A which is correct, but not something we can force our customers to stop
19033N/A doing. See http://www.jwz.org/xscreensaver/faq.html#root-lock for his side.)
19033N/A---
19033N/A driver/demo-Gtk.c | 26 ++++++++++++++++++++++++++
19033N/A driver/exec.c | 2 ++
19033N/A driver/setuid.c | 12 ++++++++++++
19033N/A driver/subprocs.c | 3 +++
19033N/A driver/timers.c | 2 +-
19033N/A driver/xscreensaver.c | 7 ++++---
19033N/A 6 files changed, 48 insertions(+), 4 deletions(-)
19033N/A
19033N/Adiff --git xscreensaver-5.12/driver/demo-Gtk.c xscreensaver-5.12/driver/demo-Gtk.c
19033N/A--- xscreensaver-5.12/driver/demo-Gtk.c
19033N/A+++ xscreensaver-5.12/driver/demo-Gtk.c
19117N/A@@ -686,6 +686,14 @@ run_cmd (state *s, Atom command, int arg)
19033N/A char *err = 0;
19033N/A int status;
19033N/A
19033N/A+ if (getuid () == 0)
19033N/A+ {
19033N/A+ char buf [255];
19033N/A+ strlcpy (buf, _("Can not run hacks if logged in as root!"), sizeof(buf));
19033N/A+ warning_dialog (s->toplevel_widget, buf, False, 100);
19033N/A+ return;
19033N/A+ }
19033N/A+
19033N/A flush_dialog_changes_and_save (s);
19033N/A status = xscreensaver_command (GDK_DISPLAY(), command, arg, False, &err);
19033N/A
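Review bot: The new root check in run_cmd copies the translated message into a 255-byte stack buffer only to hand it to warning_dialog, and the same eight lines are repeated in run_hack in the next hunk. strlcpy truncates silently, so a longer translation would be cut short, and two copies of one policy check tend to drift apart. If warning_dialog accepts a const string (its prototype is not visible here), pass the message directly, `warning_dialog (s->toplevel_widget, _("Can not run hacks if logged in as root!"), False, 100);`, from one small static helper that both functions call. Both function bodies start and end outside their hunks.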
19117N/A@@ -716,6 +724,14 @@ run_hack (state *s, int list_elt, Bool report_errors_p)
19033N/A char *err = 0;
19033N/A int status;
19033N/A
19033N/A+ if (getuid () == 0)
19033N/A+ {
19033N/A+ char buf [255];
19033N/A+ strlcpy (buf, _("Can not run hacks if logged in as root!"), sizeof(buf));
19033N/A+ warning_dialog (s->toplevel_widget, buf, False, 100);
19033N/A+ return;
19033N/A+ }
19033N/A+
19033N/A if (list_elt < 0) return;
19033N/A hack_number = s->list_elt_to_hack_number[list_elt];
19033N/A
19117N/A@@ -5137,6 +5153,15 @@ main (int argc, char **argv)
19033N/A GtkMenu *menu = GTK_MENU (gtk_option_menu_get_menu (opt));
19033N/A GList *kids = gtk_container_children (GTK_CONTAINER (menu));
19033N/A int i;
19033N/A+
19033N/A+ if (getuid () == 0)
19033N/A+ {
19033N/A+ /* If logged in as root disable menu so user can't activate a hack. */
19033N/A+ gtk_widget_set_sensitive (GTK_WIDGET (opt), False);
19033N/A+ gtk_widget_set_sensitive (GTK_WIDGET (menu), False);
19033N/A+ }
19033N/A+ else
19033N/A+ {
19033N/A for (i = 0; kids; kids = kids->next, i++)
19033N/A {
19033N/A gtk_signal_connect (GTK_OBJECT (kids->data), "activate",
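Review bot: The comment on the getuid() branch in main says disabling the option menu keeps root from activating a hack, but greying out a widget is only a UI hint and not a control. The restriction that counts is in the code that starts hacks: the run_cmd and run_hack checks earlier in this file and the spawn_screenhack check in driver/subprocs.c. The comment should say so, for example `/* Cosmetic only: grey out the mode menu for root; run_hack() and spawn_screenhack() enforce the restriction. */`. The closing brace of the new else block arrives in the following hunk.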
19117N/A@@ -5150,6 +5175,7 @@ main (int argc, char **argv)
19033N/A mode_menu_order[i] == RANDOM_HACKS_SAME)
19033N/A gtk_widget_hide (GTK_WIDGET (kids->data));
19033N/A }
19033N/A+ }
19033N/A
19033N/A if (s->nscreens <= 1) /* recompute option-menu size */
19033N/A {
19033N/Adiff --git xscreensaver-5.12/driver/exec.c xscreensaver-5.12/driver/exec.c
19033N/A--- xscreensaver-5.12/driver/exec.c
19033N/A+++ xscreensaver-5.12/driver/exec.c
19033N/A@@ -186,6 +186,7 @@ exec_command (const char *shell, const char *command, int nice_level)
19033N/A hairy_p = !!strpbrk (command, "*?$&!<>[];`'\\\"=");
19033N/A /* note: = is in the above because of the sh syntax "FOO=bar cmd". */
19033N/A
19033N/A+#ifdef DONT_ALLOW_ROOT_LOGIN
19033N/A if (getuid() == (uid_t) 0 || geteuid() == (uid_t) 0)
19033N/A {
19033N/A /* If you're thinking of commenting this out, think again.
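Review bot: Wrapping this check in `#ifdef DONT_ALLOW_ROOT_LOGIN` (closed by the `#endif` in the next hunk) removes the last guard before a command is executed, and it was the only one touched by this patch that also tested geteuid(). The commit's stated goal is that hacks never start for root, so exec_command could keep refusing uid 0 unconditionally as defence in depth behind the new spawn_screenhack check. If some root-side caller does need exec_command, name it in a comment here; otherwise any caller not covered by one of the new getuid() checks would run its command as root. The macro is not defined anywhere in this patch, so which way the build goes depends on flags that are not visible here.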
19033N/A@@ -196,6 +197,7 @@ exec_command (const char *shell, const char *command, int nice_level)
19033N/A blurb());
19033N/A exit (-1);
19033N/A }
19033N/A+#endif /*DONT_ALLOW_ROOT_LOGIN*/
19033N/A
19033N/A if (hairy_p)
19033N/A /* If it contains any shell metacharacters, do it the hard way,
19033N/Adiff --git xscreensaver-5.12/driver/setuid.c xscreensaver-5.12/driver/setuid.c
19033N/A--- xscreensaver-5.12/driver/setuid.c
19033N/A+++ xscreensaver-5.12/driver/setuid.c
19033N/A@@ -121,6 +121,10 @@ set_ids_by_number (uid_t uid, gid_t gid, char **message_ret)
19033N/A struct passwd *p = getpwuid (uid);
19033N/A struct group *g = getgrgid (gid);
19033N/A
19033N/A+ /* if we are logged in as root i.e. uid==0 then dont do anything*/
19033N/A+ if (getuid () == (uid_t) 0)
19033N/A+ return 0;
19033N/A+
19033N/A if (message_ret)
19033N/A *message_ret = 0;
19033N/A
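Review bot: The early `return 0` in set_ids_by_number sits above `if (message_ret) *message_ret = 0;`, so when the real uid is 0 the caller's message pointer is left untouched and the function reports success without having changed any ids. The call visible in hack_uid passes `&si->uid_message` and compares the result with 0, so it cannot tell "ids switched" from "nothing done". Move the new check below the message_ret reset, and reword the comment to something like `/* Real uid 0: leave ids unchanged. Returning 0 here does NOT mean privileges were dropped. */`. getpwuid and getgrgid are still called before the check although their results appear unused on this path; the function continues outside the hunk.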
19033N/A@@ -278,11 +282,13 @@ hack_uid (saver_info *si)
19033N/A of the xscreensaver manual titled "LOCKING AND ROOT LOGINS",
19033N/A and "USING XDM".
19033N/A */
19033N/A+#ifdef DONT_ALLOW_ROOT_LOGIN
19033N/A if (getuid() == (uid_t) 0)
19033N/A {
19033N/A si->locking_disabled_p = True;
19033N/A si->nolock_reason = "running as root";
19033N/A }
19033N/A+#endif /*DONT_ALLOW_ROOT_LOGIN*/
19033N/A
19033N/A
19033N/A /* If we're running as root, switch to a safer user. This is above and
19033N/A@@ -297,6 +303,8 @@ hack_uid (saver_info *si)
19033N/A of the xscreensaver manual titled "LOCKING AND ROOT LOGINS",
19033N/A and "USING XDM".
19033N/A */
19033N/A+/* We are letting root login to fix a P1 bug, i.e. root should lock screen*/
19033N/A+#ifdef DONT_ALLOW_ROOT_LOGIN
19033N/A if (getuid() == (uid_t) 0)
19033N/A {
19033N/A struct passwd *p;
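Review bot: The comment added above `#ifdef DONT_ALLOW_ROOT_LOGIN` says why root may log in but not what is compiled out, which is the block that switches a root-started daemon to a less privileged account. With the macro undefined the daemon keeps uid 0 for its whole lifetime, so the getuid() checks added elsewhere in this patch are all that stands between root and the hack programs. The existing comment just above (`If we're running as root, switch to a safer user`) then describes code that is not built. I would replace the new comment with one that states this, e.g. `/* Root keeps uid 0 so it can lock the screen; hacks are blocked in spawn_screenhack() instead of by dropping privileges. */`. The `#endif` is in the next hunk and hack_uid continues beyond it.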
19033N/A@@ -315,6 +323,7 @@ hack_uid (saver_info *si)
19033N/A if (set_ids_by_number (p->pw_uid, p->pw_gid, &si->uid_message) != 0)
19033N/A saver_exit (si, -1, 0);
19033N/A }
19033N/A+#endif /*DONT_ALLOW_ROOT_LOGIN*/
19033N/A
19033N/A
19033N/A /* If there's anything even remotely funny looking about the passwd struct,
19033N/A@@ -357,7 +366,10 @@ hack_uid (saver_info *si)
19033N/A (p && p->pw_name && *p->pw_name
19033N/A ? p->pw_name : "<unknown>"));
19033N/A si->nolock_reason = buf;
19033N/A+
19033N/A+#ifdef DONT_ALLOW_ROOT_LOGIN
19033N/A si->locking_disabled_p = True;
19033N/A+#endif
19033N/A si->dangerous_uid_p = True;
19033N/A }
19033N/A }
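Review bot: In this last hack_uid hunk `si->nolock_reason = buf;` stays unconditional while `si->locking_disabled_p = True;` moves under `#ifdef DONT_ALLOW_ROOT_LOGIN`, so in a build without the macro a no-lock reason is recorded for a session where locking is still enabled. The branch condition is outside the hunk, but the context comment at the end of the previous hunk says it covers any passwd entry that looks "funny", so this probably enables locking for more accounts than root, which is wider than the commit message states. Either keep both assignments under the same `#ifdef`, or narrow the exception to uid 0 and leave locking disabled for the other accounts.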
19033N/Adiff --git xscreensaver-5.12/driver/subprocs.c xscreensaver-5.12/driver/subprocs.c
19033N/A--- xscreensaver-5.12/driver/subprocs.c
19033N/A+++ xscreensaver-5.12/driver/subprocs.c
19033N/A@@ -939,6 +939,9 @@ spawn_screenhack (saver_screen_info *ssi)
19033N/A saver_preferences *p = &si->prefs;
19033N/A char* complete_hack_command;
19033N/A
19033N/A+ if (getuid () == 0)
19033N/A+ return; /* Dont let hacks run if logged in as root*/
19033N/A+
19033N/A if (si->prefs.verbose_p)
19033N/A fprintf(stderr, "--> spawn_screenhack()\n");
19033N/A
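Review bot: This early return in spawn_screenhack is now the main gate that keeps hacks from starting as root, yet it tests only the real uid and returns before the verbose trace, so nothing is logged. The exec_command check that this patch compiles out also tested geteuid(); matching it here keeps the case where only the effective uid is 0 covered: `if (getuid () == (uid_t) 0 || geteuid () == (uid_t) 0)`. A line under `si->prefs.verbose_p` such as `fprintf (stderr, "%s: not launching hack (running as root.)\n", blurb());` would let an administrator see why the screen stays blank. The same test is repeated in cycle_timer (driver/timers.c) and main_loop (driver/xscreensaver.c); with the check here those callers would not need their own copy.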
19033N/Adiff --git xscreensaver-5.12/driver/timers.c xscreensaver-5.12/driver/timers.c
19033N/A--- xscreensaver-5.12/driver/timers.c
19033N/A+++ xscreensaver-5.12/driver/timers.c
19033N/A@@ -282,7 +282,7 @@ cycle_timer (XtPointer closure, XtIntervalId *id)
19033N/A
19033N/A raise_window (si, True, True, False);
19033N/A
19033N/A- if (!si->throttled_p)
19033N/A+ if (!si->throttled_p && getuid () != 0)
19033N/A for (i = 0; i < si->nscreens; i++)
19033N/A spawn_screenhack (&si->screens[i]);
19033N/A else
19033N/Adiff --git xscreensaver-5.12/driver/xscreensaver.c xscreensaver-5.12/driver/xscreensaver.c
19033N/A--- xscreensaver-5.12/driver/xscreensaver.c
19033N/A+++ xscreensaver-5.12/driver/xscreensaver.c
19117N/A@@ -458,6 +458,7 @@ startup_ehandler (String name, String type, String class,
19033N/A
19033N/A describe_uids (si, stderr);
19033N/A
19033N/A+#ifdef DONT_ALLOW_ROOT_LOGIN
19033N/A if (si->orig_uid && !strncmp (si->orig_uid, "root/", 5))
19033N/A {
19033N/A fprintf (stderr, "\n"
19117N/A@@ -471,11 +472,11 @@ startup_ehandler (String name, String type, String class,
19033N/A blurb());
19033N/A }
19033N/A else
19033N/A+#endif /*DONT_ALLOW_ROOT_LOGIN*/
19033N/A {
19033N/A fprintf (stderr, "\n"
19033N/A "%s: Errors at startup are usually authorization problems.\n"
19033N/A-" But you're not logging in as root (good!) so something\n"
19033N/A-" else must be wrong. Did you read the manual and the FAQ?\n",
19033N/A+" Did you read the manual and the FAQ?\n",
19033N/A blurb());
19033N/A }
19033N/A
19117N/A@@ -1269,7 +1270,7 @@ main_loop (saver_info *si)
19033N/A kill_screenhack (&si->screens[i]);
19033N/A
19033N/A raise_window (si, True, True, False);
19033N/A- if (si->throttled_p)
19033N/A+ if (si->throttled_p || getuid () == 0)
19033N/A fprintf (stderr, "%s: not launching hack (throttled.)\n", blurb());
19033N/A else
19033N/A for (i = 0; i < si->nscreens; i++)
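Review bot: With `|| getuid () == 0` added to the condition in main_loop, a root session now logs `not launching hack (throttled.)`, which is not the reason the hack was skipped. Anyone reading the log to find out why no hack started will be misled. Keep the original `if (si->throttled_p)` and give root its own branch before the final else, e.g. `else if (getuid () == 0) fprintf (stderr, "%s: not launching hack (running as root.)\n", blurb());`. The cycle_timer hunk in driver/timers.c routes root into its else branch the same way; that branch's body is outside the hunk, so check whether its message has the same problem.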
19033N/A