LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 05-14-2018, 04:15 PM   #1
hgriggs
LQ Newbie
 
Registered: Mar 2010
Location: Virginia USA
Distribution: Slackware
Posts: 29

Rep: Reputation: 2
Since xorg 1.20, can no longer change root window from cron job


I am using Slackware current, and FVWM. I have a cron job that every three minutes runs a shell script, that will recurse down my image library with some directories weighted, and will choose an image and then set the root window to that chosen image. This has worked nicely for the last 17 years. After the recent upgrade when the Xorg server went to version 1.20, it no longer works.

The shell script that cron runs can use xv, display, wmsetbg or bsetbg. I have tried all four of these utilities. If I run the individual utilities from the command line, they work and the root window is changed and will display the image. If I run the script on the command line, it will work and the root window is changed. But if the script runs in the cron job, it will not work, and the utilities show errors.

display will show "unable to open X server `:0.0' @ error/display.c/DisplayImageCommand/433"

xv will show "Can't open display"

bsetbg will show "exited with status 1"

wmsetbg will show "fatal: could not open display"

So I'm guessing that something changed when xorg changed, and the root window can no longer be accessed through a cron job. Does have anyone have a quick suggestion? I know cron will run with a very limited environment with limited environment variables. I note that DISPLAY, HOSTDISPLAY are not available in cron, along with many others, so they seem like likely candidates. Can I add something to cron to set the display before running the script?

If there's no easy fix to this, I'll rewrite the shell script to run as a daemon and change the root window outside cron, but I was hoping for something simple and easy before I went to that effort.
 
Old 05-14-2018, 04:27 PM   #2
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230
Quote:
Originally Posted by hgriggs View Post
This has worked nicely for the last 17 years. After the recent upgrade when the Xorg server went to version 1.20, it no longer works.
Yep, "it worked nicely" for the last 17 years, but that also was a freaking huge security issue.

Honestly, I am glad that they (X.org Foundation) fixed this really lame issue, even it happened 17 years later.

I suggest you to adapt you scripts according, eventually using XVFB, which is made specially for cases like this (it is a virtual framebuffer X server).

Last edited by Darth Vader; 05-14-2018 at 04:30 PM.
 
Old 05-14-2018, 04:30 PM   #3
hgriggs
LQ Newbie
 
Registered: Mar 2010
Location: Virginia USA
Distribution: Slackware
Posts: 29

Original Poster
Rep: Reputation: 2
Please excuse my ignorance, but could you explain why it is a security issue?
 
Old 05-14-2018, 04:35 PM   #4
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230
Long story short, a program run by a particular user should not be able to connect to a X Server ran by another one.

Imagine something like this: a keylogger injected via a local site, running as "apache" being able to watch the input made by a(nother) local user in his legit X session (even as root). You will agree that's not fun.

Let's do not debate it, thanks to gods this story was ended, and there is your way, in my opinion: XVFB running as your specific CRON user.

BTW, the XVFB is shipped natively by Slackware.

Last edited by Darth Vader; 05-14-2018 at 04:38 PM.
 
Old 05-14-2018, 04:38 PM   #5
hgriggs
LQ Newbie
 
Registered: Mar 2010
Location: Virginia USA
Distribution: Slackware
Posts: 29

Original Poster
Rep: Reputation: 2
And perhaps it is not fixed. I added "DISPLAY=:2; " before my cron job, and now the script works again.

But I still would like to know the security issues in doing this.
 
1 members found this post helpful.
Old 05-14-2018, 04:39 PM   #6
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230
BTW, you are kind to show me your entire cron job?
 
Old 05-14-2018, 04:41 PM   #7
hgriggs
LQ Newbie
 
Registered: Mar 2010
Location: Virginia USA
Distribution: Slackware
Posts: 29

Original Poster
Rep: Reputation: 2
Ah, I see.

But the root window is not owned by anyone else in this case. When I boot, I boot to command line in text mode, not GUI, log in as myself and then run 'startx'. The root window is not owned by root, or any other user, just me. Would that still be considered a security problem?

I'm not trying to be difficult. I use my systems very old school, very hands on, very command line, very primitive. If this is still a security problem, I will change it.
 
Old 05-14-2018, 04:42 PM   #8
hgriggs
LQ Newbie
 
Registered: Mar 2010
Location: Virginia USA
Distribution: Slackware
Posts: 29

Original Poster
Rep: Reputation: 2
Cron job is this:

*/3 * * * * export DISPLAY=:2; $HOME/bin/recurse_background.pl >> $HOME/logs/background.log 2>&1
 
Old 05-14-2018, 04:43 PM   #9
hgriggs
LQ Newbie
 
Registered: Mar 2010
Location: Virginia USA
Distribution: Slackware
Posts: 29

Original Poster
Rep: Reputation: 2
And I made a mistake. It's not a shell script but a Perl program. A previous incarnation was shell, this one is Perl.
 
Old 05-14-2018, 04:44 PM   #10
hgriggs
LQ Newbie
 
Registered: Mar 2010
Location: Virginia USA
Distribution: Slackware
Posts: 29

Original Poster
Rep: Reputation: 2
And yes, I see Xvfb and will research it now. Thank you.
 
Old 05-14-2018, 04:45 PM   #11
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230
Quote:
Originally Posted by hgriggs View Post
Would that still be considered a security problem?
Did your CRONs ran while owned by the same user?

IF NOT, that's very bad, from reasons I said: no user shall have access to the X session owned by another user. At least, this say the common sense.
 
Old 05-14-2018, 04:46 PM   #12
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230
Quote:
Originally Posted by hgriggs View Post
And yes, I see Xvfb and will research it now. Thank you.
You are welcome. Also I prefer it for running headless X sessions.

As plus, you do not need to manually start X sessions.

PS. Maybe you will consider also this small script: https://github.com/revnode/xvfb-run/...aster/xvfb-run

It simplify the usage of Xvfb, specially withing CRON scripts. For example:
Code:
/usr/bin/xvfb-run -a -s "-screen 0 640x480x16" /usr/bin/wkhtmltopdf /root/input.html /root/output.pdf

Last edited by Darth Vader; 05-14-2018 at 04:56 PM.
 
Old 05-14-2018, 05:06 PM   #13
hgriggs
LQ Newbie
 
Registered: Mar 2010
Location: Virginia USA
Distribution: Slackware
Posts: 29

Original Poster
Rep: Reputation: 2
The cron job is for me, not root, not anyone else. There are only two users on this system - root and me. Root does nothing with Xorg. User me starts Xorg, starts FVWM. Only owner of Xorg is me, only changer of root window is me.

I just ran some tests. If I try to change the root window as root, the root window of user me is changed. I added a temporary user, and tried to change the root window of user me as that user, and the request was rejected. So root can change the root window but other users cannot.

My cron job used to be this:

*/3 * * * * export DISPLAY=:0.0; $HOME/bin/recurse_background.pl >> $HOME/logs/background.log 2>&1

and now it is this:

*/3 * * * * export DISPLAY=:2; $HOME/bin/recurse_background.pl >> $HOME/logs/background.log 2>&1

So it looks like Xorg changed the display numbering system when it starts. I must do more reading about the DISPLAY values in the new Xorg.
 
Old 05-14-2018, 05:11 PM   #14
hgriggs
LQ Newbie
 
Registered: Mar 2010
Location: Virginia USA
Distribution: Slackware
Posts: 29

Original Poster
Rep: Reputation: 2
Thank you for the script. I will study it. It is very well constructed. My scripts tend to be messy, hoping that no-one else will see them.

I know that I can boot to runlevel 5 and use a display manager to log in, but I prefer to boot to runlevel 3 and do it all manually. I prefer the primitive approach.

Thank you for your help, and for your suggestions. It is much appreciated.
 
Old 05-14-2018, 05:13 PM   #15
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230
Is this the default CRON? Then it is ran as "root".

Yet, I feel uneasy with your solution, as it rely in a X session started as whatever user, out of all considerations.

That's why I remain at my opinion of using XVFB.

Last edited by Darth Vader; 05-14-2018 at 05:15 PM.
 
  


Reply

Tags
xorg


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Cron trying to execute job that's no longer there? Mark_667 Linux - Server 4 12-30-2017 12:59 AM
[SOLVED] Cron job not running as root? littlebigman Debian 2 06-21-2015 03:20 PM
[SOLVED] Run cron job in terminal emulator window Beaverfriend Linux - Software 3 05-24-2012 05:06 AM
Is the cron job always running root? johnifanx98 Linux - Newbie 4 03-01-2012 01:10 PM
What does this cron job do? disable it or change its frequency lindylex Linux - General 3 11-29-2009 02:40 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 09:44 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration