#816722 zoom-player: interraction with xscreensaver

Package:
xscreensaver
Source:
xscreensaver
Description:
Screensaver daemon and frontend for X11
Submitter:
Alexandre Detiste
Date:
2021-10-06 21:21:03 UTC
Severity:
normal
#816722#5
Date:
2016-03-04 11:50:02 UTC
From:
To:
Hi,

xscreensaver tried to run 'zoom'; which resulted in this text in a
ugly yellow font on black backgroud:

"zoom: invalid option -- 'r'
Try `zoom --help' or `zoom --usage' for more information."

This can be reproduced with xscreensaver-demo; by running the last
screensaver from the list "Zoom".

This bug does _NOT_ happen when "xscreensaver-data-extra"
which provides /usr/lib/xscreensaver/zoom is also installed.

I guess renaming /usr/games/zoom to work around this is just wrong;
so this should be re-attributed to xscreensaver package (with a patch ?).

It seems fix would be that xscreensave doesn't include
/usr/games in it's path anymore.

Alexandre

#816722#10
Date:
2016-03-05 15:29:41 UTC
From:
To:
Control: reassign -1 xscreensaver

Or perhaps xscreensaver-demo should only look in /usr/lib/xscreensaver...
(For the xscreensaver maintainers: the context here is that the zoom-player
package provides /usr/games/zoom, which xscreensaver attempts to use for its
Zoom screensaver if xscreensaver-data-extra isn't installed.)

Regards,

Stephen

#816722#19
Date:
2016-03-05 16:22:08 UTC
From:
To:
Le samedi 5 mars 2016, 16:29:41 Stephen Kitt a écrit :

Awww, I found a duplicate:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794719

xscreensaver-data: runs /usr/bin/barcode rather than /usr/lib/xscreensaver/barcode

I'd like to help on this bug, and the 106 other ones.

#816722#24
Date:
2016-04-07 20:45:20 UTC
From:
To:
Yup, this is a bit hairy, not easy to make a solution that is 100%
without patching much of the original code. However in most cases,
restricting it to /usr/lib/xscreensaver would fix the issue. There
might be some cases where a program from another package can be used,
but that can maybe be fixed by patching these individual cases in the
app-defaults file.

As upstream points out in the other report, the use of one
app-defaults file but multiple hack collection packages complicates
the issue.

Alexandre,

That would be fantastic!

Best regards,
Tormod

#816722#29
Date:
2016-04-07 20:54:04 UTC
From:
To:
Having xscreensaver override and ignore the $PATH that the user passed in is a terrible idea.

But if init scripts are involved, perhaps those scripts should launch xscreensaver without /usr/games/ on $PATH.

#816722#34
Date:
2016-04-07 21:44:14 UTC
From:
To:
Since we are in control of where we install the hacks
(/usr/lib/xscreensaver), it is not that bad. But it would prevent the
user from adding his own hacks somewhere random and have them launched
just by setting the $PATH. Unless he patches and rebuilds xscreensaver
himself :)

Is it not possible to specify the full path in the app-default file?
That would address above user case. Or is there other user cases I am
missing?

We do have the problem that there are name clashes. How can we handle
this if we do not ignore (alt. parts of) the $PATH? We wouldn't like
to add a namespace to all the hack binaries to avoid name clashes. And
I don't think it is realistic that the xscreensaver package takes
monopoly on names like "zoom".

Tormod

#816722#39
Date:
2016-04-07 22:35:57 UTC
From:
To:
If you modify xscreensaver to not obey $PATH, you are making it do this weird, confusing, undiscoverable thing.

If you merely launch it with a different $PATH, then it's easy to know what's going on. Especially since the $PATH appears in error messages about not being able to find things.

You could do that, but just changing $PATH seems a lot simpler, and isn't going to result in merge conflicts for the rest of eternity.

Anyway, xscreensaver already prepends HACKDIR to $PATH, so this problem can only happen if HACKDIR is wrong or if the "zoom" saver is A) enabled but B) not installed.

#816722#44
Date:
2016-04-07 22:39:49 UTC
From:
To:
Hey guess what, this is a problem that only exhibits itself because you took the code that I had tested and distributed, ripped half of it out, and expected the other half to continue working properly.

I am shocked -- shocked -- at this outcome.

#816722#49
Date:
2016-04-08 08:54:40 UTC
From:
To:
Something you are well aware was done 8 years ago. I am truly sad --
sad -- you are still shocked.

The reasons it was done have become less important over the years, so
it might change, but in the meantime we will use another solution for
the issue at hand.

Tormod

#816722#54
Date:
2016-04-08 09:10:50 UTC
From:
To:
I see the point with PATH being listed in error messages. Setting the
path or not obeying the provided one seems to me pretty much the same
(for locating hacks), so I am fine with that too.

But let me be clear, I am only talking about the part "let's start the
hack with name X". For running helpers etc it would be nice to have a
reasonable PATH so xscreensaver-get-images & friends can be found
without that we force full paths on them, or clumsy soft links in
/usr/lib/xscreensaver - this would get messy since "friends" can
involve a lot of dependencies. Is it not possible to say, when X is a
name in preferences that has no path, to run /usr/lib/xscreensaver/X
but with full (unmodified) PATH?

I meant for the users if they want to add their own hack. I did not
mean we should add full path to the hacks we ship in
/usr/lib/xscreensaver. Definitely would like to avoid patching the
app-defaults more than necessary :)

Tormod

#816722#59
Date:
2016-04-08 17:01:27 UTC
From:
To:
Sorry, I don't understand what you're proposing. Can you give some examples?

Why do you object to "just set $PATH in whatever script launched xscreensaver"? That seems simple to me.

#816722#64
Date:
2016-04-08 22:16:32 UTC
From:
To:
I don't object to setting PATH, it seems simple and it would help
against the name clashes in /usr/games like zoom. I am just thinking
of possible clashes with other programs in /usr/bin as well. There are
like 10000 packages in Debian and new ones coming all the time, so it
can make sense to "protect" the screensaver from conflicts. Because
some hacks execute utilities we are placing in /usr/bin, for instance
xscreensaver-get-image (and I think some of these call other utilities
also), a modified PATH will still have to include /usr/bin. Since we
are placing all hacks into /usr/lib/xscreensaver, we can also restrict
the spawning of hacks to this path. Then PATH can be left unmodified,
for whatever the hacks need to execute. And in the few cases the user
wants to add another executable to his configuration file, he will
just have to provide the full path to it. We would simply check
hack->command for a starting slash and if none, prepend
/usr/lib/xscreensaver. So if the configuration file says "zoom -bla"
we would run "/usr/lib/xscreensaver/zoom -bla". If it says
"/usr/games/zoom -bla" we would run that. It would be more restrictive
but also more fail proof.

Tormod

#816722#69
Date:
2016-04-09 03:41:25 UTC
From:
To:
I still think the root of the problem here is that the "zoom" xscreensaver hack is marked as enabled in the .ad file, but it is not actually installed. So the .ad file is wrong. Correcting it would fix this. I suppose it would be possible to do that in a post-install script on the xscreensaver sub-packages.

It would also work to make every entry in the .ad file be an absolute path instead of relative.

But I don't like the idea of forcing entries in the .ad file that are not absolute paths to only run from a hardcoded directory.

#816722#74
Date:
2016-04-13 21:51:41 UTC
From:
To:
I am also not so fond of the hardcoding. If the directory name could
be overrun by a user setting it would have very acceptable though.

On the other hand, we don't want to mess with users' or
administrators' configuration files. Granted, if the system .ad is
unmodified by the administrator, we can change it or modify by a
script, but if the user has run xscreensaver and has his own
configuration file we are not gonna touch it. "Breaking" it by not
allowing all possible entries to run, would be more acceptable. We are
after all tying everything down and installing the hacks to a very
defined location. I think it is important that the stock setup works
without issues, even if it means the rare experimental user gets one
more hurdle for doing very specific customizations. Without turning it
into gnome-screensaver :)

Tormod

#816722#79
Date:
2016-04-13 23:38:35 UTC
From:
To:
I'm not going to change anything here. Xscreensaver is working as designed. The problem being experienced is because the system it is running on is misconfigured.

Specifically, xscreensaver is only halfway installed; and it is configured to run modes that the half-install does not include.

Fix either of those system misconfigurations to solve this.

#816722#84
Date:
2016-04-14 08:06:38 UTC
From:
To:
Yes, I expect we have to make a Debian-specific kludge here. Thanks
for your input anyway, Jamie.

Tormod

#816722#89
Date:
2016-04-23 11:33:42 UTC
From:
To:
Le jeudi 7 avril 2016, 22:45:20 Tormod Volden a écrit :

I said so right before I got this mission with a 6 hours daily commute :-)

I'll come back at this at soon as it's done (or I'm done with job).

(╯°□°)╯︵ ┻━┻

#816722#94
Date:
2021-10-06 21:16:42 UTC
From:
To:
Last year proliferation of the other zoom on user devices has turned
the "halfway installed" XScreenSaver into a malware which randomly
starts the proprietary closed-source app while users are AFK.

I would suggest to bump the Severity of this issue.