bug#57071: Xscreensaver not working since latest patch

[Ludovic Courtès]

Hi Rick,

Rick Huijzer <ikbenrickhuyzer@gmail.com> skribis:

> The latest xscreensaver patch <https://issues.guix.gnu.org/56597> rendered
> xscreensaver unusable on my systems. When I try to unlock my screen I am
> greeted with the message 'xscreensaver: don't login as root', even though I
> don't invoke it as root.
>
>
> $xscreensaver-command -lock
> Aug  9 08:45:22 localhost shepherd[1]: [slim] xscreensaver-gfx: 08:45:22:
> 1: running as root: not launching hacks.
> Aug  9 09:10:29 localhost shepherd[1]: [slim] xscreensaver-command: locking
> Aug  9 09:10:32 localhost shepherd[1]: [slim] xscreensaver-gfx: 09:10:32:
> 0: running as root: not launching hacks.
>
> When I remove the
> (screen-locker-service xscreensaver)
> I run into all kinds of set-uid problems.

Sorry about that, I built it during review but did not actually run it.

One effect of ‘screen-locker-service’ is to make the program setuid-root
so that it can authenticate users.  It would seem that something changed
in xscreensaver in that area; quoth ‘driver/subprocs.c’:

--8<---------------cut here---------------start------------->8---
      if (getuid() == (uid_t) 0 || geteuid() == (uid_t) 0)
        /* Prior to XScreenSaver 6, if running as root, we would change the
           effective uid to the user "nobody" or "daemon" or "noaccess",
           but even that was just encouraging bad behavior.  Don't log in
           as root. */
        {
          fprintf (stderr, "%s: %d: running as root: not launching hacks.\n",
                   blurb(), ssi->number);
          screenhack_obituary (ssi, "", "XScreenSaver: Don't log in as root.");
          goto DONE;
        }
--8<---------------cut here---------------end--------------->8---

OTOH the ‘disavow_privileges’ function is supposed to drop root
privileges early on.

So I’m not sure how it’s supposed to be run.  R0man, ideas?

Thanks,
Ludo’.