A Bug in Xscreensaver?

[mthriftwsc]

Hi,

I just noticed a pretty serious issue with xscreensaver. I'm running a fully patched FC4 installation, and when I lock the screen in xwindows, xscreensaver crashes and grants access to the xsession when given an incorrect password. If I give the correct password, it lets me in, and doesn't crash. Here's the output from a xscreensaver -verbose:

Code:

xscreensaver: 18:19:13: LOCK ClientMessage received; activating and locking.
xscreensaver: 18:19:13: 0: locked mode switching.
xscreensaver: 18:19:13: blanking screen at Wed Mar 15 18:19:13 2006.
xscreensaver: 18:19:13: 0: grabbing keyboard on 0x40... GrabSuccess.
xscreensaver: 18:19:13: 0: grabbing mouse on 0x40... GrabSuccess.
xscreensaver: 18:19:13: fading...
xscreensaver: 18:19:15: fading done.
xscreensaver: 18:19:15: error: XF86MiscSetGrabKeysState(0) returned MiscExtGrabStateAlreadyxscreensaver: 18:19:15: prompting for password.
xscreensaver: 18:19:15: 0: creating password dialog.
xscreensaver: 18:19:15: 0: mouse is at 850,3.
xscreensaver: 18:19:15: grabbing server...
xscreensaver: 18:19:15: 0: ungrabbing mouse (was 0x40).
xscreensaver: 18:19:15: 0: grabbing mouse on 0x1a0000b... GrabSuccess.
xscreensaver: 18:19:15: ungrabbing server.
xscreensaver: 18:19:19: pam_start ("xscreensaver", "admin", ...) ==> 0 (Success)xscreensaver: 18:19:19:   pam_set_item (p, PAM_TTY, ":0.0") ==> 0 (Success)
xscreensaver: 18:19:19:     PAM ECHO_OFF("Password: ") ==> password
xscreensaver: 18:19:19:   pam_authenticate (...) ==> 0 (Success)
xscreensaver: 18:19:19:   pam_acct_mgmt (...) ==> 13 (User account has expired)
xscreensaver: 18:19:19:   pam_setcred (...) ==> 0 (Success)
xscreensaver: 18:19:19: pam_end (...) ==> 0 (Success)
xscreensaver: 18:19:19: PAM: brk grew by 32K.
xscreensaver: 18:19:19: password correct.
xscreensaver: 18:19:19: grabbing server...
xscreensaver: 18:19:19: 0: ungrabbing mouse (was 0x1a0000b).
xscreensaver: 18:19:19: 0: grabbing mouse on 0x40... GrabSuccess.
xscreensaver: 18:19:19: ungrabbing server.
xscreensaver: 18:19:19: 0: moving mouse back to 850,3.
xscreensaver: 18:19:19: unblanking screen at Wed Mar 15 18:19:19 2006.
xscreensaver: 18:19:20: 0: ungrabbing mouse (was 0x40).
xscreensaver: 18:19:20: 0: ungrabbing keyboard (was 0x40).
xscreensaver: 18:19:20: 0: unlocked mode switching.
xscreensaver: 18:19:20: starting de-race timer (10 seconds.)
xscreensaver: 18:19:20: awaiting idleness.
xscreensaver: 18:19:30: de-race completed.
xscreensaver: 18:19:35: LOCK ClientMessage received; activating and locking.
xscreensaver: 18:19:35: 0: locked mode switching.
xscreensaver: 18:19:35: blanking screen at Wed Mar 15 18:19:35 2006.
xscreensaver: 18:19:35: 0: grabbing keyboard on 0x40... GrabSuccess.
xscreensaver: 18:19:35: 0: grabbing mouse on 0x40... GrabSuccess.
xscreensaver: 18:19:35: fading...
xscreensaver: 18:19:37: fading done.
xscreensaver: 18:19:37: error: XF86MiscSetGrabKeysState(0) returned MiscExtGrabStateAlreadyxscreensaver: 18:19:37: prompting for password.
xscreensaver: 18:19:37: 0: creating password dialog.
xscreensaver: 18:19:37: 0: mouse is at 753,350.
xscreensaver: 18:19:37: grabbing server...
xscreensaver: 18:19:37: 0: ungrabbing mouse (was 0x40).
xscreensaver: 18:19:37: 0: grabbing mouse on 0x1a0007b... GrabSuccess.
xscreensaver: 18:19:37: ungrabbing server.
xscreensaver: 18:19:38: pam_start ("xscreensaver", "admin", ...) ==> 0 (Success)xscreensaver: 18:19:38:   pam_set_item (p, PAM_TTY, ":0.0") ==> 0 (Success)
xscreensaver: 18:19:38:     PAM ECHO_OFF("Password: ") ==> password
Aborted

But if I enter in the correct password, everything is the same up until the pam exchange:

Code:

xscreensaver: 18:24:37:     PAM ECHO_OFF("Password: ") ==> password
xscreensaver: 18:24:37:   pam_authenticate (...) ==> 0 (Success)
xscreensaver: 18:24:37:   pam_acct_mgmt (...) ==> 13 (User account has expired)
xscreensaver: 18:24:37:   pam_setcred (...) ==> 0 (Success)
xscreensaver: 18:24:37: pam_end (...) ==> 0 (Success)
xscreensaver: 18:24:37: PAM: brk grew by 32K.
xscreensaver: 18:24:37: password correct.
xscreensaver: 18:24:37: grabbing server...
xscreensaver: 18:24:37: 0: ungrabbing mouse (was 0x1a0000b).
xscreensaver: 18:24:37: 0: grabbing mouse on 0x40... GrabSuccess.
xscreensaver: 18:24:37: ungrabbing server.
xscreensaver: 18:24:37: 0: moving mouse back to 864,1.
xscreensaver: 18:24:37: unblanking screen at Wed Mar 15 18:24:37 2006.
xscreensaver: 18:24:37: 0: ungrabbing mouse (was 0x40).
xscreensaver: 18:24:37: 0: ungrabbing keyboard (was 0x40).
xscreensaver: 18:24:37: 0: unlocked mode switching.
xscreensaver: 18:24:37: starting de-race timer (10 seconds.)
xscreensaver: 18:24:37: awaiting idleness.

This is a real security issue since I will lock the screen and leave it for a while, while it updates etc. Any info is helpful, if I decide to submit a bug should I do that directly to fedora or xscreensaver.

Thanks!

[mthriftwsc]

So, is this just not interesting to anybody? I guess I will post it as a bug to fedora. Thanks anyways!

Mike.

[InKo]

as I know, it is a bug in the xscreensaver.
https://rhn.redhat.com/errata/RHBA-2006-0077.html

it must be upgraded or try
$ sudo chmod 4755 /usr/bin/kcheckpass

it could be helpfull

[mthriftwsc]

I am running a fully patched version of fedora, and the problem doesn't only exist when running with verbosity on. I've posted a bug to bugzilla, I'll keep this thread updated to its status.

[mthriftwsc]

K, it turns out that the culprit was the pam_smbpasswd module in my /etc/pam.d/xscreensaver. I'm still not convinced that this isn't a bug, since the default should probably be for xscreensaver to fail in the event of a miss-configured module. I'll keep persuing this, but I thought I'd bring up my fix.