Cross Reference: xscreensaver-07-allow-root.diff
xscreensaver-07-allow-root.diff revision 19117
/*
 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice (including the next
 * paragraph) shall be included in all copies or substantial portions of the
 * Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */
10139
N/A
Fix for: 4849641: xscreensaver won't run as root

Let root lock the screen, but don't launch the hacks for root.

(Upstream maintainer argues instead that users should not login as root,
which is correct, but not something we can force our customers to stop
doing.  See http://www.jwz.org/xscreensaver/faq.html#root-lock for his side.)
10139
N/A
---
10139
N/A
driver
/
demo
-
Gtk
.c |
26
++++++++++++++++++++++++++
10139
N/A
driver
/
exec
.c |
2
++
10139
N/A
driver
/
setuid
.c |
12
++++++++++++
10139
N/A
driver
/
subprocs
.c |
3
+++
10139
N/A
driver
/
timers
.c |
2
+-
10139
N/A
driver
/
xscreensaver
.c |
7
++++---
10139
N/A
6
files
changed
,
48
insertions
(+),
4
deletions
(-)
10139
N/A
10139
N/A
diff
--
git
xscreensaver
-
5.12
/
driver
/
demo
-
Gtk
.c
xscreensaver
-
5.12
/
driver
/
demo
-
Gtk
.c
10139
N/A
---
xscreensaver
-
5.12
/
driver
/
demo
-
Gtk
.c
10139
N/A
+++
xscreensaver
-
5.12
/
driver
/
demo
-
Gtk
.c
10139
N/A
@@ -
686
,
6
+
686
,
14
@@
run_cmd
(
state
*s,
Atom
command
,
int
arg
)
10139
N/A
char
*
err
=
0
;
10139
N/A
int
status
;
10139
N/A
10139
N/A
+
if
(
getuid
() ==
0
)
10139
N/A
+ {
10139
N/A
+
char
buf
[
255
];
10139
N/A
+
strlcpy
(
buf
, _(
"Can not run hacks if logged in as root!"
),
sizeof
(
buf
));
10139
N/A
+
warning_dialog
(s->
toplevel_widget
,
buf
,
False
,
100
);
10139
N/A
+
return
;
10139
N/A
+ }
10139
N/A
+
10139
N/A
flush_dialog_changes_and_save
(s);
10139
N/A
status
=
xscreensaver_command
(
GDK_DISPLAY
(),
command
,
arg
,
False
, &
err
);
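Review bot: The root check added at the top of run_cmd returns before `xscreensaver_command (GDK_DISPLAY (), command, arg, False, &err)` for every value of `command`, so it is not limited to the commands that start a hack; if run_cmd is also the path for the dialog's lock request, root loses the one action the patch description says it should keep. Consider testing `command` as well as the uid, and wording the message for what was actually refused. The same block is repeated in the run_hack hunk below; a small static helper would keep the two in step, and the copy through `buf[255]` looks unnecessary if warning_dialog accepts the translated string directly. run_cmd's body continues outside the hunk.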
10139
N/A
10139
N/A
@@ -
716
,
6
+
724
,
14
@@
run_hack
(
state
*s,
int
list_elt
,
Bool
report_errors_p
)
10139
N/A
char
*
err
=
0
;
10139
N/A
int
status
;
10504
N/A
10139
N/A
+
if
(
getuid
() ==
0
)
10139
N/A
+ {
10139
N/A
+
char
buf
[
255
];
10139
N/A
+
strlcpy
(
buf
, _(
"Can not run hacks if logged in as root!"
),
sizeof
(
buf
));
10139
N/A
+
warning_dialog
(s->
toplevel_widget
,
buf
,
False
,
100
);
10139
N/A
+
return
;
10139
N/A
+ }
10139
N/A
+
10139
N/A
if
(
list_elt
<
0
)
return
;
10139
N/A
hack_number
= s->
list_elt_to_hack_number
[
list_elt
];
10139
N/A
10139
N/A
@@ -
5137
,
6
+
5153
,
15
@@
main
(
int
argc
,
char
**
argv
)
10139
N/A
GtkMenu
*
menu
=
GTK_MENU
(
gtk_option_menu_get_menu
(
opt
));
10139
N/A
GList
*
kids
=
gtk_container_children
(
GTK_CONTAINER
(
menu
));
10139
N/A
int
i;
10139
N/A
+
10139
N/A
+
if
(
getuid
() ==
0
)
10139
N/A
+ {
10139
N/A
+
/* If logged in as root disable menu so user can't activate a hack. */
10139
N/A
+
gtk_widget_set_sensitive
(
GTK_WIDGET
(
opt
),
False
);
10139
N/A
+
gtk_widget_set_sensitive
(
GTK_WIDGET
(
menu
),
False
);
10139
N/A
+ }
10139
N/A
+
else
10139
N/A
+ {
10139
N/A
for
(i =
0
;
kids
;
kids
=
kids
->
next
, i++)
10139
N/A
{
10139
N/A
gtk_signal_connect
(
GTK_OBJECT
(
kids
->
data
),
"activate"
,
10139
N/A
@@ -
5150
,
6
+
5175
,
7
@@
main
(
int
argc
,
char
**
argv
)
10139
N/A
mode_menu_order
[i] ==
RANDOM_HACKS_SAME
)
10139
N/A
gtk_widget_hide
(
GTK_WIDGET
(
kids
->
data
));
10139
N/A
}
10139
N/A
+ }
10139
N/A
10139
N/A
if
(s->
nscreens
<=
1
)
/* recompute option-menu size */
10139
N/A
{
10139
N/A
diff
--
git
xscreensaver
-
5.12
/
driver
/
exec
.c
xscreensaver
-
5.12
/
driver
/
exec
.c
10139
N/A
---
xscreensaver
-
5.12
/
driver
/
exec
.c
10139
N/A
+++
xscreensaver
-
5.12
/
driver
/
exec
.c
10139
N/A
@@ -
186
,
6
+
186
,
7
@@
exec_command
(
const
char
*
shell
,
const
char
*
command
,
int
nice_level
)
10139
N/A
hairy_p
= !!
strpbrk
(
command
,
"*?$&!<>[];`'\\\"="
);
10139
N/A
/* note: = is in the above because of the sh syntax "FOO=bar cmd". */
10139
N/A
10139
N/A
+#
ifdef
DONT_ALLOW_ROOT_LOGIN
10139
N/A
if
(
getuid
() == (
uid_t
)
0
||
geteuid
() == (
uid_t
)
0
)
10139
N/A
{
10139
N/A
/* If you're thinking of commenting this out, think again.
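Review bot: Wrapping this check in `#ifdef DONT_ALLOW_ROOT_LOGIN` (closed by the `#endif` in the next hunk) compiles out the only visible test in this patch that looks at `geteuid ()`; every check the patch adds elsewhere uses `getuid ()` alone. Assuming the macro is left undefined in this build, a process whose effective uid is 0 but whose real uid is not would reach the exec with nothing in exec_command refusing it. Since the description says hacks must still not run for root, the refusal could stay unconditional here, or at least keep `if (geteuid () == (uid_t) 0)` outside the `#ifdef`; whether anything legitimate needs to exec through this function as root is not visible from the hunk. exec_command's body continues outside both hunks.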
10139
N/A
@@ -196,6 +197,7 @@ exec_command (const char *shell, const char *command, int nice_level)
10139
N/A
blurb());
10139
N/A
exit (-1);
10139
N/A
}
10139
N/A
+#endif /*DONT_ALLOW_ROOT_LOGIN*/
10139
N/A
10504
N/A
if
(
hairy_p
)
10504
N/A
/* If it contains any shell metacharacters, do it the hard way,
10474
N/A
diff --git
xscreensaver-5.12
/
driver
/
setuid.c
xscreensaver-5.12
/
driver
/
setuid.c
10474
N/A
---
xscreensaver-5.12
/
driver
/
setuid.c
10285
N/A
+++
xscreensaver-5.12
/
driver
/
setuid.c
10285
N/A
@@ -121,6 +121,10 @@ set_ids_by_number (uid_t uid, gid_t gid, char **message_ret)
10139
N/A
struct passwd *p = getpwuid (uid);
10139
N/A
struct group *g = getgrgid (gid);
10139
N/A
10139
N/A
+ /* if we are logged in as root i.e. uid==0 then dont do anything*/
10139
N/A
+
if
(
getuid
() == (
uid_t
)
0
)
10139
N/A
+
return
0
;
10139
N/A
+
10139
N/A
if
(
message_ret
)
10139
N/A
*
message_ret
=
0
;
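Review bot: The early `return 0;` in set_ids_by_number reports success without changing any ids, and it runs before `if (message_ret) *message_ret = 0;`, so a caller that reads its message pointer afterwards sees whatever was there before the call. Moving the check below the `*message_ret = 0;` lines fixes the second part. For the first, the comment should say that 0 here means the ids were left unchanged on purpose, because hack_uid (later in this file section) only exits when the return value is non-zero and otherwise carries on as if the ids had been set. The test is on the real uid of the process, not on the `uid` argument, which is worth stating in the comment too. The function body continues outside the hunk.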
10139
N/A
10139
N/A
@@ -
278
,
11
+
282
,
13
@@
hack_uid
(
saver_info
*
si
)
10139
N/A
of
the
xscreensaver
manual
titled
"LOCKING AND ROOT LOGINS"
,
10139
N/A
and
"USING XDM"
.
10139
N/A
*/
10139
N/A
+#
ifdef
DONT_ALLOW_ROOT_LOGIN
10139
N/A
if
(
getuid
() == (
uid_t
)
0
)
10139
N/A
{
10139
N/A
si
->
locking_disabled_p
=
True
;
10139
N/A
si
->
nolock_reason
=
"running as root"
;
10139
N/A
}
10139
N/A
+#
endif
/*DONT_ALLOW_ROOT_LOGIN*/
10139
N/A
10139
N/A
10139
N/A
/* If we're running as root, switch to a safer user. This is above and
10139
N/A
@@ -297,6 +303,8 @@ hack_uid (saver_info *si)
10139
N/A
of the xscreensaver manual titled "LOCKING AND ROOT LOGINS",
10139
N/A
and "USING XDM".
10139
N/A
*/
10139
N/A
+
/* We are letting root login to fix a P1 bug, i.e. root should lock screen*/
10139
N/A
+#
ifdef
DONT_ALLOW_ROOT_LOGIN
10139
N/A
if
(
getuid
() == (
uid_t
)
0
)
10139
N/A
{
10139
N/A
struct
passwd
*p;
10139
N/A
@@ -
315
,
6
+
323
,
7
@@
hack_uid
(
saver_info
*
si
)
10139
N/A
if
(
set_ids_by_number
(p->
pw_uid
, p->
pw_gid
, &
si
->
uid_message
) !=
0
)
10139
N/A
saver_exit
(
si
, -
1
,
0
);
10139
N/A
}
10139
N/A
+#
endif
/*DONT_ALLOW_ROOT_LOGIN*/
10139
N/A
10139
N/A
10139
N/A
/* If there's anything even remotely funny looking about the passwd struct,
@@ -357,7 +366,10 @@ hack_uid (saver_info *si)
(p && p->pw_name && *p->pw_name
? p->pw_name : "<unknown>"));
si->nolock_reason = buf;
+
+#ifdef DONT_ALLOW_ROOT_LOGIN
si->locking_disabled_p = True;
+#endif
si->dangerous_uid_p = True;
}
}
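Review bot: In this last hack_uid hunk only `si->locking_disabled_p = True;` moves under `#ifdef DONT_ALLOW_ROOT_LOGIN`, while `si->nolock_reason = buf;` and `si->dangerous_uid_p = True;` stay unconditional, so with the macro undefined the state permits locking yet still carries a reason for it being off. The branch also appears to cover more than root: the message falls back to `"<unknown>"` when there is no usable passwd name, and the context comment in the previous hunk speaks of anything funny looking about the passwd struct. If locking is meant to be enabled for root only, `if (getuid () != (uid_t) 0) si->locking_disabled_p = True;` would keep it disabled for the other cases. The enclosing block starts outside the hunk.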
diff --git
xscreensaver-5.12
/
driver
/
subprocs.c
xscreensaver-5.12
/
driver
/
subprocs.c
---
xscreensaver-5.12
/
driver
/
subprocs.c
+++
xscreensaver-5.12
/
driver
/
subprocs.c
@@ -939,6 +939,9 @@ spawn_screenhack (saver_screen_info *ssi)
saver_preferences *p = &si->prefs;
char* complete_hack_command;
+ if (getuid () == 0)
+ return; /* Dont let hacks run if logged in as root*/
+
if
(
si
->
prefs
.
verbose_p
)
fprintf
(
stderr
,
"--> spawn_screenhack()\n"
);
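Review bot: The early return in spawn_screenhack sits above the `verbose_p` trace, so under root nothing is logged to say why no hack was started. Emitting a verbose line before the `return;`, for example "not launching hack (running as root)", would make that visible when diagnosing a blank screen. With this guard in place the extra `getuid ()` tests added in cycle_timer and main_loop only affect which branch the caller takes; keeping the policy in one helper would make it harder for a later call site to miss it. spawn_screenhack's body continues outside the hunk.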
diff
--
git
xscreensaver
-
5.12
/
driver
/
timers
.c
xscreensaver
-
5.12
/
driver
/
timers
.c
---
xscreensaver
-
5.12
/
driver
/
timers
.c
+++
xscreensaver
-
5.12
/
driver
/
timers
.c
@@ -
282
,
7
+
282
,
7
@@
cycle_timer
(
XtPointer
closure
,
XtIntervalId
*
id
)
raise_window
(
si
,
True
,
True
,
False
);
-
if
(!
si
->
throttled_p
)
+
if
(!
si
->
throttled_p
&&
getuid
() !=
0
)
for
(i =
0
; i <
si
->
nscreens
; i++)
spawn_screenhack
(&
si
->
screens
[i]);
else
diff
--
git
xscreensaver
-
5.12
/
driver
/
xscreensaver
.c
xscreensaver
-
5.12
/
driver
/
xscreensaver
.c
---
xscreensaver
-
5.12
/
driver
/
xscreensaver
.c
+++
xscreensaver
-
5.12
/
driver
/
xscreensaver
.c
@@ -
458
,
6
+
458
,
7
@@
startup_ehandler
(
String
name
,
String
type
,
String
class
,
describe_uids
(
si
,
stderr
);
+#
ifdef
DONT_ALLOW_ROOT_LOGIN
if
(
si
->
orig_uid
&& !
strncmp
(
si
->
orig_uid
,
"root/"
,
5
))
{
fprintf
(
stderr
,
"\n"
@@ -
471
,
11
+
472
,
11
@@
startup_ehandler
(
String
name
,
String
type
,
String
class
,
blurb
());
}
else
+#
endif
/*DONT_ALLOW_ROOT_LOGIN*/
{
fprintf
(
stderr
,
"\n"
"%s: Errors at startup are usually authorization problems.\n"
-
" But you're not logging in as root (good!) so something\n"
-
" else must be wrong. Did you read the manual and the FAQ?\n"
,
+
" Did you read the manual and the FAQ?\n"
,
blurb
());
}
@@ -
1269
,
7
+
1270
,
7
@@
main_loop
(
saver_info
*
si
)
kill_screenhack
(&
si
->
screens
[i]);
raise_window
(
si
,
True
,
True
,
False
);
-
if
(
si
->
throttled_p
)
+
if
(
si
->
throttled_p
||
getuid
() ==
0
)
fprintf
(
stderr
,
"%s: not launching hack (throttled.)\n"
,
blurb
());
else
for
(i =
0
; i <
si
->
nscreens
; i++)