SLiMlock needs suid #2954

Closed
Fuuzetsu opened this Issue Jun 15, 2014 · 5 comments

Fuuzetsu commented Jun 15, 2014

I'm using services.xserver.displayManager.slim.theme to use a custom theme. It works when I have to initially log in but if I lock my station by calling slimlock afterwards, the background images don't appear and the panel is misplaced. There are some error messages if I run it as a regular user:

[shana@lenalee:~]$ slimlock
error opening console: Permission denied
error locking console: Bad file descriptor
error unlocking console: Bad file descriptor

[shana@lenalee:~]$ su
Password: 

[root@lenalee:/home/shana]# slimlock

[root@lenalee:/home/shana]# exit

but calling it as root after the session has started does not ‘fix’ the problem.

PS: It would appear that the module is poorly documented. The path has to point to a .tar.gz containing a default directory which then contains your own theme files, otherwise your X session won't start again. I am mentioning this in case you want to replicate this. A seemingly useless symlink pointing to itself also seems to be created in the resulting slim-theme derivation…

FTR:

[shana@lenalee:~]$ echo $SLIM_THEMESDIR 
/nix/store/9x4hlgswgdgfy08g8x7758s9ygcnvg2x-slim-theme

[shana@lenalee:~]$ l /nix/store/9x4hlgswgdgfy08g8x7758s9ygcnvg2x-slim-theme/
total 2.7M
dr-xr-xr-x    3 root nixbld 4.0K Jan  1  1970 .
drwxrwxr-t 2222 root nixbld 2.7M Jun 15 16:00 ..
dr-xr-xr-x    2 root nixbld 4.0K Jan  1  1970 default

[shana@lenalee:~]$ l /nix/store/9x4hlgswgdgfy08g8x7758s9ygcnvg2x-slim-theme/default/
total 1.9M
dr-xr-xr-x 2 root nixbld 4.0K Jan  1  1970 .
dr-xr-xr-x 3 root nixbld 4.0K Jan  1  1970 ..
-r-xr-xr-x 1 root nixbld 1.8M Jan  1  1970 background.jpg
lrwxrwxrwx 1 root nixbld    7 Jan  1  1970 default -> default
-r-xr-xr-x 1 root nixbld  274 Jan  1  1970 panel.png
-r-xr-xr-x 1 root nixbld 1.3K Jan  1  1970 slim.theme

Fuuzetsu commented Jun 25, 2014

Regarding the error messages, I found https://bugs.gentoo.org/show_bug.cgi?id=500204 which says that it needs suid. I doubt it solves the bigger issue but if someone could look at this one then it'd be great.

Fuuzetsu commented Sep 14, 2014

I have since figured out what was wrong with the theme: I am using dual head and on login, my X monitor settings were different than after I have already logged in, misplacing everything. I haven't figured out how to get around that but at least I know why it happens.

This only leaves the error messages to deal with.

@Fuuzetsu Fuuzetsu changed the title SLiMlock misbehaving with custom theme SLiMlock needs suid Sep 14, 2014

ghost commented Nov 15, 2014

I have a permissions denied issue with slock as well. Running sudo slock for me locks the screen as the root user, but running slock without root privileges just gives me:

$ slock
slock: cannot retrieve shadow entry (make sure to suid or sgid slock)

Profpatsch commented Feb 27, 2016

Okay, further investigation has shown that nixpkgs strips the setuid bit.

Try inserting the following in the derivation:

  postInstall = ''
    chmod 644 $out/bin/slock
    ls -l $out/bin/slock
    chmod u+s $out/bin/slock
    ls -l $out/bin/slock
  '';

It will output the right permissions when it builds, but afterwards it’s:

-r--r--r-- 1 root root 13304 Jan  1  1970 result/bin/slock

Profpatsch commented Mar 20, 2016

Slimlock now uses pam.

slock has no support for pam. There is no support for suid bits in the nix store because it is world-readable and then every user could use these programs to gain root access.
So to package slock, it would have to be patched with pam, which is probably not worth the effort.

Resolved @zimbatm

@zimbatm zimbatm closed this Mar 21, 2016
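
The permission stripping described in the last two comments can be reproduced outside Nix. The script below is an added example, not code from nixpkgs or from anyone in this thread: it repeats the postInstall steps on a constructed empty file and then applies an assumed model of the store's normalisation (every regular file becomes 0555 if its owner-execute bit is set, otherwise 0444). The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not nixpkgs code. Assumption: the store normalises each
# regular file to 0555 if its owner-execute bit is set, else to 0444, so
# setuid and setgid bits never survive.

# list_special DIR: print regular files that carry setuid or setgid.
list_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# canonicalise_tree DIR: apply the assumed normalisation to every regular file.
canonicalise_tree() {
    find "$1" -type f -perm -100 -exec chmod 555 {} +
    find "$1" -type f ! -perm -100 -exec chmod 444 {} +
}

# mode_string FILE: the ten-character permission column from ls -l.
mode_string() {
    ls -l "$1" | cut -c1-10
}

# replay_thread: repeat the postInstall steps from the thread on a constructed
# empty file (not a real slock build), then normalise and report.
replay_thread() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/bin" && : > "$tmp/bin/slock"
    chmod 644 "$tmp/bin/slock"
    chmod u+s "$tmp/bin/slock"
    echo "during build:  $(mode_string "$tmp/bin/slock")"
    canonicalise_tree "$tmp"
    echo "in the store:  $(mode_string "$tmp/bin/slock")"
    echo "setuid/setgid files left: $(list_special "$tmp" | wc -l)"
    rm -rf "$tmp"
}

replay_thread
```

Because the chmod 644 step removes the execute bit, the normalised file ends up as -r--r--r-- rather than -r-xr-xr-x, which matches the listing quoted in the thread. Running list_special over a build output directory is a quick check that nothing in it still depends on a setuid or setgid bit.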
