Date: Mon, 02 May 2022 11:13:48 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 254178] x11/xscreensaver: update to 6.02 Message-ID: <bug-254178-7788-tuW6xkaAud@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-254178-7788@https.bugs.freebsd.org/bugzilla/> References: <bug-254178-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D254178 --- Comment #54 from Felix Palmen <felix@palmen-it.de> --- This seems to be extremely tricky. At its core, upstream's expectation is that you can authenticate with PAM a= s an unprivileged user (and I tend to share this view), therefore there's no pla= n to roll some suid-root helper with xscreensaver or use an existing 3rd-party o= ne. Currently, authenticating with pam_unix.so requires root privileges. Linux = PAM partially "solves" this for authenticating as the currently logged-in user = with "unix_chkpwd". Allowing just authentication as yourself is much simpler to implement in a secure way than authenticating as any user. I submitted a stack of reviews mimicking this Linux solution here: https://reviews.freebsd.org/D34322. It was rejected without further comment, and although I see a partial solution is far from ideal, from my direct conversation with des@, I learned he doesn't even agree on the expectation = that authentication should work without privileges. So, thinking about a better = and more complete solution would probably be just time wasted. Therefore, to get this forward, I'm all in favor of having xscreensaver on FreeBSD use an existing helper as already suggested in this PR. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-254178-7788-tuW6xkaAud>