From nobody Mon May 02 11:13:48 2022 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 6DFB71AC0C94 for ; Mon, 2 May 2022 11:13:49 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KsL7d01bbz58pG for ; Mon, 2 May 2022 11:13:48 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C97B2B6F for ; Mon, 2 May 2022 11:13:48 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 242BDmx6080988 for ; Mon, 2 May 2022 11:13:48 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 242BDmLv080987 for ports-bugs@FreeBSD.org; Mon, 2 May 2022 11:13:48 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 254178] x11/xscreensaver: update to 6.02 Date: Mon, 02 May 2022 11:13:48 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: felix@palmen-it.de X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback+ X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports-bugs@freebsd.org X-BeenThere: freebsd-ports-bugs@freebsd.org MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1651490029; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zcLJ+U8Jhut4zJiExpX1usOBw0nEbbimTa1dlew056E=; b=MjmUbwNIhAeE76Z8JDl2FTzFIheWRB5ghcAOy1RtFm2+eYgXouBNjvh9djskWyHHHMyP98 ohGqqw4wvTINZiSYucyzDMQwSKwo2KBFyVZV1rAOFEG+Rd7SJT4LRTJkLcv0q0jZdooN8l cM6lJJXkTVaEzjl+o+167bSSHMQ1+qAoFwFKzt69x9fyUf1s50Mt3UIdzGCbDUQx7jvHaP 4OuoitYpI+2thV2ZxCmuwWDRxB7XOsDj7glqawbfmtdJLHRZhgK1ziD6SEbiXZ1p55miny poaKiUfpbp3zEDLaQLr8np8KhrE2b9YJgc7RV0MfqJmDh/4xvDc3+eDjeaefUA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1651490029; a=rsa-sha256; cv=none; b=xmkBZc+m4vkGLi1lB8tZGM+7fuoY8Bc6f+Sxy0Mv1+hsQBZqeuAJtGOIZ36QOMHgBm6auq 2+lkHPB1VHGAO8ZTjUX2ziNQJy/buvKHP+TqUwr42IwOJ0fDQXDClICfvTFqxYKxCl72KQ l+uIOTNSCBG+NbkoS9V49ax7DkeKuOmaMK5PM3rLFeuRLkU0DeGBmn9M8O5GF3I3XRHN01 daS17pvVONDFbs+BlNR+EcCqQx5ZPALf0thHlswI9EGSKDBSQN+7bTFttrluatzQrrgDgk v5iyakssD+07IV1rOBPhyRe1GrF58pg+lczqGZA97ZSD/zgPRNeASA9i+aHfGw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D254178 --- Comment #54 from Felix Palmen --- This seems to be extremely tricky. At its core, upstream's expectation is that you can authenticate with PAM a= s an unprivileged user (and I tend to share this view), therefore there's no pla= n to roll some suid-root helper with xscreensaver or use an existing 3rd-party o= ne. Currently, authenticating with pam_unix.so requires root privileges. Linux = PAM partially "solves" this for authenticating as the currently logged-in user = with "unix_chkpwd". Allowing just authentication as yourself is much simpler to implement in a secure way than authenticating as any user. I submitted a stack of reviews mimicking this Linux solution here: https://reviews.freebsd.org/D34322. It was rejected without further comment, and although I see a partial solution is far from ideal, from my direct conversation with des@, I learned he doesn't even agree on the expectation = that authentication should work without privileges. So, thinking about a better = and more complete solution would probably be just time wasted. Therefore, to get this forward, I'm all in favor of having xscreensaver on FreeBSD use an existing helper as already suggested in this PR. --=20 You are receiving this mail because: You are the assignee for the bug.=