http://apple.doit.wisc.edu/mirrors/amug/linux/linuxppc/sources/tarballs/xscreensaver...

[xscreensaver] / driver / subprocs.c

diff --git a/driver/subprocs.c b/driver/subprocs.c
index 0e104c7ff6c85a7c51b325d660f904c0492cfb35..53dd884e9e56d81e944818fe79ecfd3975db545e 100644 (file)
--- a/driver/subprocs.c
+++ b/driver/subprocs.c
@@ -248,6 +248,17 @@ exec_screenhack (saver_info *si, const char *command)
   Bool hairy_p = !!strpbrk (command, "*?$&!<>[];`'\\\"=");
   /* note: = is in the above because of the sh syntax "FOO=bar cmd". */
 
+  if (getuid() == (uid_t) 0 || geteuid() == (uid_t) 0)
+    {
+      /* If you're thinking of commenting this out, think again.
+         If you do so, you will open a security hole.  Mail jwz
+         so that he may enlighten you as to the error of your ways.
+       */
+      fprintf (stderr, "%s: we're still running as root!  Disaster!\n",
+               blurb());
+      saver_exit (si, 1, 0);
+    }
+
   if (p->verbose_p)
     fprintf (stderr, "%s: spawning \"%s\" in pid %lu%s.\n",
             blurb(), command, (unsigned long) getpid (),
@@ -739,7 +750,7 @@ select_visual_of_hack (saver_screen_info *ssi, const char *hack)
               (si->demoing_p
                ? "%s: warning, no \"%s\" visual for \"%s\".\n"
                : "%s: no \"%s\" visual; skipping \"%s\".\n"),
-              blurb(), (vis ? vis : "???"), in);
+              blurb(), (*vis ? vis : "???"), in);
     }
 
   return selected;