Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/desktop/xscreensaver/patches/07-allow-root.patch
changeset 5400 1199f8e91f50 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/desktop/xscreensaver/patches/07-allow-root.patch	Sun Jan 31 19:31:13 2016 -0800
@@ -0,0 +1,209 @@
+Fix for: Bug 15155994 - SUNBT4849641 xscreensaver won't run as root
+
+Let root lock the screen, but don't launch the hacks for root.
+
+Rejected by upstream because upstream author argues instead that users should
+not login as root, which is correct, but not something we can force all of
+our customers to stop doing.
+
+See http://www.jwz.org/xscreensaver/faq.html#root-lock for his side.
+---
+ driver/demo-Gtk.c     |   26 ++++++++++++++++++++++++++
+ driver/exec.c         |    2 ++
+ driver/setuid.c       |   12 ++++++++++++
+ driver/subprocs.c     |    3 +++
+ driver/timers.c       |    2 +-
+ driver/xscreensaver.c |    7 ++++---
+ 6 files changed, 48 insertions(+), 4 deletions(-)
+
+diff --git a/driver/demo-Gtk.c b/driver/demo-Gtk.c
+--- a/driver/demo-Gtk.c
++++ b/driver/demo-Gtk.c
+@@ -687,6 +687,14 @@ run_cmd (state *s, Atom command, int arg)
+   char *err = 0;
+   int status;
+ 
++  if (getuid () == 0)
++    {
++      char buf [255];
++      strlcpy (buf, _("Can not run hacks if logged in as root!"), sizeof(buf));
++      warning_dialog (s->toplevel_widget, buf, False, 100);
++      return;
++    }
++
+   flush_dialog_changes_and_save (s);
+   status = xscreensaver_command (GDK_DISPLAY(), command, arg, False, &err);
+ 
+@@ -717,6 +725,14 @@ run_hack (state *s, int list_elt, Bool report_errors_p)
+   char *err = 0;
+   int status;
+ 
++  if (getuid () == 0)
++    {
++      char buf [255];
++      strlcpy (buf, _("Can not run hacks if logged in as root!"), sizeof(buf));
++      warning_dialog (s->toplevel_widget, buf, False, 100);
++      return;
++    }
++
+   if (list_elt < 0) return;
+   hack_number = s->list_elt_to_hack_number[list_elt];
+ 
+@@ -5155,6 +5171,15 @@ main (int argc, char **argv)
+     GtkMenu *menu = GTK_MENU (gtk_option_menu_get_menu (opt));
+     GList *kids = gtk_container_children (GTK_CONTAINER (menu));
+     int i;
++
++    if (getuid () == 0)
++      {
++        /* If logged in as root disable menu so user can't activate a hack. */
++        gtk_widget_set_sensitive (GTK_WIDGET (opt), False);
++        gtk_widget_set_sensitive (GTK_WIDGET (menu), False);
++      }
++    else
++    {
+     for (i = 0; kids; kids = kids->next, i++)
+       {
+         gtk_signal_connect (GTK_OBJECT (kids->data), "activate",
+@@ -5168,6 +5193,7 @@ main (int argc, char **argv)
+             mode_menu_order[i] == RANDOM_HACKS_SAME)
+           gtk_widget_hide (GTK_WIDGET (kids->data));
+       }
++    }
+ 
+     if (s->nscreens <= 1)   /* recompute option-menu size */
+       {
+diff --git a/driver/exec.c b/driver/exec.c
+--- a/driver/exec.c
++++ b/driver/exec.c
+@@ -186,6 +186,7 @@ exec_command (const char *shell, const char *command, int nice_level)
+   hairy_p = !!strpbrk (command, "*?$&!<>[];`'\\\"=");
+   /* note: = is in the above because of the sh syntax "FOO=bar cmd". */
+ 
++#ifdef DONT_ALLOW_ROOT_LOGIN
+   if (getuid() == (uid_t) 0 || geteuid() == (uid_t) 0)
+     {
+       /* If you're thinking of commenting this out, think again.
+@@ -196,6 +197,7 @@ exec_command (const char *shell, const char *command, int nice_level)
+                blurb());
+       exit (-1);
+     }
++#endif /*DONT_ALLOW_ROOT_LOGIN*/
+ 
+   if (hairy_p)
+     /* If it contains any shell metacharacters, do it the hard way,
+diff --git a/driver/setuid.c b/driver/setuid.c
+--- a/driver/setuid.c
++++ b/driver/setuid.c
+@@ -121,6 +121,10 @@ set_ids_by_number (uid_t uid, gid_t gid, char **message_ret)
+   struct passwd *p = getpwuid (uid);
+   struct group  *g = getgrgid (gid);
+ 
++  /* if we are logged in as root i.e. uid==0 then dont do anything*/
++  if (getuid () == (uid_t) 0)
++   return 0;
++
+   if (message_ret)
+     *message_ret = 0;
+ 
+@@ -278,11 +282,13 @@ hack_uid (saver_info *si)
+          of the xscreensaver manual titled "LOCKING AND ROOT LOGINS",
+          and "USING XDM".
+    */
++#ifdef DONT_ALLOW_ROOT_LOGIN
+   if (getuid() == (uid_t) 0)
+     {
+       si->locking_disabled_p = True;
+       si->nolock_reason = "running as root";
+     }
++#endif /*DONT_ALLOW_ROOT_LOGIN*/
+ 
+ 
+   /* If we're running as root, switch to a safer user.  This is above and
+@@ -297,6 +303,8 @@ hack_uid (saver_info *si)
+          of the xscreensaver manual titled "LOCKING AND ROOT LOGINS", 
+          and "USING XDM".
+    */
++/* We are letting root login to fix a P1 bug, i.e. root should lock screen*/
++#ifdef DONT_ALLOW_ROOT_LOGIN
+   if (getuid() == (uid_t) 0)
+     {
+       struct passwd *p;
+@@ -315,6 +323,7 @@ hack_uid (saver_info *si)
+       if (set_ids_by_number (p->pw_uid, p->pw_gid, &si->uid_message) != 0)
+ 	saver_exit (si, -1, 0);
+     }
++#endif /*DONT_ALLOW_ROOT_LOGIN*/
+ 
+ 
+   /* If there's anything even remotely funny looking about the passwd struct,
+@@ -357,7 +366,10 @@ hack_uid (saver_info *si)
+ 		 (p && p->pw_name && *p->pw_name
+ 		  ? p->pw_name : "<unknown>"));
+ 	si->nolock_reason = buf;
++
++#ifdef DONT_ALLOW_ROOT_LOGIN
+ 	si->locking_disabled_p = True;
++#endif
+ 	si->dangerous_uid_p = True;
+       }
+   }
+diff --git a/driver/subprocs.c b/driver/subprocs.c
+--- a/driver/subprocs.c
++++ b/driver/subprocs.c
+@@ -939,6 +939,9 @@ spawn_screenhack (saver_screen_info *ssi)
+   saver_preferences *p = &si->prefs;
+   char* complete_hack_command;
+ 
++  if (getuid () == 0)
++    return;  /* Dont let hacks run if logged in as root*/
++
+   if (si->prefs.verbose_p)
+    fprintf(stderr, "--> spawn_screenhack()\n");
+ 
+diff --git a/driver/timers.c b/driver/timers.c
+--- a/driver/timers.c
++++ b/driver/timers.c
+@@ -282,7 +282,7 @@ cycle_timer (XtPointer closure, XtIntervalId *id)
+ 
+       raise_window (si, True, True, False);
+ 
+-      if (!si->throttled_p)
++      if (!si->throttled_p && getuid () != 0)
+         for (i = 0; i < si->nscreens; i++)
+           spawn_screenhack (&si->screens[i]);
+       else
+diff --git a/driver/xscreensaver.c b/driver/xscreensaver.c
+--- a/driver/xscreensaver.c
++++ b/driver/xscreensaver.c
+@@ -458,6 +458,7 @@ startup_ehandler (String name, String type, String class,
+ 
+   describe_uids (si, stderr);
+ 
++#ifdef DONT_ALLOW_ROOT_LOGIN
+   if (si->orig_uid && !strncmp (si->orig_uid, "root/", 5))
+     {
+       fprintf (stderr, "\n"
+@@ -471,11 +472,11 @@ startup_ehandler (String name, String type, String class,
+                blurb());
+     }
+   else
++#endif /*DONT_ALLOW_ROOT_LOGIN*/
+     {
+       fprintf (stderr, "\n"
+           "%s: Errors at startup are usually authorization problems.\n"
+-"              But you're not logging in as root (good!) so something\n"
+-"              else must be wrong.  Did you read the manual and the FAQ?\n",
++"              Did you read the manual and the FAQ?\n",
+            blurb());
+     }
+ 
+@@ -1269,7 +1270,7 @@ main_loop (saver_info *si)
+         kill_screenhack (&si->screens[i]);
+ 
+       raise_window (si, True, True, False);
+-      if (si->throttled_p)
++      if (si->throttled_p || getuid () == 0)
+         fprintf (stderr, "%s: not launching hack (throttled.)\n", blurb());
+       else
+         for (i = 0; i < si->nscreens; i++)
upstream/oracle/userland-gate