DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Installation and Upgrading

OpenBSD Installation and Upgrading Installing and upgrading OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 26th October 2018
staus staus is offline
Port Guard
 
Join Date: May 2014
Posts: 28
Default OpenBSD 6.4 lost X windows for user

Just installed the latest version 6.4 on my Lenovo laptop. It was working absolutely perfectly for me using the Blackbox wm. I saw the latest patch 001 and did a syspatch. After that I can no longer get X11 to run for a user, only root.

This is what is in the Xorg.0.log file for the user:

failed to open /dev/xf86 and /dev/mem, permission denied

also:

check that the /etc/sysctl.conf file has 'machdep.allowaperature=1'

No screens found, server terminated.

The /etc/sysctl.conf file didn't exist. I created it. and now when the system is booting up an error is displayed saying - machdep.allowaperature=1, second level name is invalid

I still have root running X11, but not a user. Not sure if the patch killed X or not.

Please help
Reply With Quote
  #2   (View Single Post)  
Old 26th October 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,708
Default

The second level name is "aperture" - it contains only one "a".

(I'm running -current on my laptop and 6.3 on production servers, and have not yet deployed this patch yet, so I am not yet able to recreate your problem.)
Reply With Quote
  #3   (View Single Post)  
Old 26th October 2018
staus staus is offline
Port Guard
 
Join Date: May 2014
Posts: 28
Default

Thanks a lot. I probably did misspell 'aperture'. I will make the change tomorrow and let you know. I still have no idea what 'machdep.allowaperture=1' means or does, and why now after a patch.
Reply With Quote
  #4   (View Single Post)  
Old 26th October 2018
Prevet Prevet is offline
Shell Scout
 
Join Date: Oct 2017
Posts: 111
Default

I had some trouble with a video card not being detected, so I changed that value. I discussed it on the forums a while back, so if you search on it it might help you. There is a sample sysctl.conf file in the /etc/examples folder. If you look up machdep.allowaperture in that file there is a comment to read the man entry for xf86.

I wonder if the problem could be anything to do with this?
http://daemonforums.org/showthread.php?t=10811

Last edited by Prevet; 26th October 2018 at 11:20 AM.
Reply With Quote
  #5   (View Single Post)  
Old 26th October 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,708
Default

Intel and Radeon video cards which use Kernel Mode Setting (KMS) via drm(4) do not use the xf86(4) aperture driver. Users of those cards will still see a warning message in the Xorg log, which can be ignored.

However, since I don't have the patch installed on any of my systems -- my -current laptop is about a week old, and my production systems are 6.3 and aren't X-capable, I can only conjecture that there is some sort of permissions issue going on here. Perhaps due to how X is being started.
Reply With Quote
  #6   (View Single Post)  
Old 26th October 2018
bsd007's Avatar
bsd007 bsd007 is offline
Always learning
 
Join Date: Sep 2014
Posts: 223
Default

I too cant start xfce after installing the patch. Very frustrating. I am using Lubuntu now.
__________________
OpenBSD 6.4
Intel(R) Core(TM) i3-6100 CPU
Ram 4GB
Intel HD Graphics
Reply With Quote
  #7   (View Single Post)  
Old 26th October 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,708
Default

OK. I'm going to recommend the following steps for staus and bsd007.

First start X with xenodm(1) if you are not already doing so. If you are already doing so, please let us know.
  1. xenodm(1) requires the use of a .xsession script in your user's home directory.
    If you don't have one because you use startx(1) or xinit(1) instead, you can link your user's .xinitrc script to it. When logged in on the console as your user, change directory to your user's home directory and link the file with $ ln .xinitrc .xsession.
  2. Enable xenodm to start on boot with # rcctl enable xenodm.
  3. # reboot.
Second if that does not solve the problem, please let us know. Post your full dmesg(8) and /var/log/Xorg.0.log files here, or, if you prefer, reach out to the OpenBSD Project by submitting a bug report. I have not seen a problem report on the bugs@ mailing list regarding this issue yet, which is why I will guess using xenodm(1) may solve the problem. Bug reporting instructions may be found here: https://www.openbsd.org/report.html

Last edited by jggimi; 26th October 2018 at 01:35 PM. Reason: typos
Reply With Quote
  #8   (View Single Post)  
Old 26th October 2018
fvgit's Avatar
fvgit fvgit is offline
Spikes in tights
 
Join Date: May 2016
Location: perl -MMIME::Base64 -le 'print decode_base64("U2hlcndvb2QgRm9yZXN0")'
Posts: 179
Default

The fallout of the setuid removal for the x server is starting to hit the mailing lists. Looks like jggimi's assessment is spot on, as usual:

Quote:
I had a startx setup, which broke. When I switched to xenodm, it works
fine, plus it needed moving the ~/.xinitrc + ~/.xsession files away.
Can somebody
please add an entry to current.html in the FAQ?
https://marc.info/?l=openbsd-cvs&m=154055902931851&w=2
Reply With Quote
  #9   (View Single Post)  
Old 27th October 2018
staus staus is offline
Port Guard
 
Join Date: May 2014
Posts: 28
Default

I followed jggimi's advice, and I have been able to start X as a user again.

Thanks.
Reply With Quote
Old 27th October 2018
jmccue jmccue is offline
Real Name: John McCue
Port Guard
 
Join Date: Aug 2012
Location: here
Posts: 25
Default

No Issues with xenodm(1) here after the patch (6.4).

When the news hit, I removed the setuid /usr/X11R6/bin/Xorg as soon as I read about it, late yesterday night I applied the patch.

The interesting thing was the patch turned on the setiud (which I removed afterwards). I was thinking it would be removed by the patch, but I may have mis-read the lists

Anyway, very impressed with the speed of the fix by the OpenBSD team

Last edited by jmccue; 27th October 2018 at 02:28 PM. Reason: adjusted/spelling
Reply With Quote
Old 28th October 2018
acampbell acampbell is offline
Real Name: Anthony Campbell
Shell Scout
 
Join Date: Sep 2014
Location: London, UK
Posts: 106
Default

Thanks, Iggimi, for the information about Xenodm. This certainly gets X working. But I'm left with some niggles which I'm still trying to resolve, and I have to admit to being sorely tempted to restore setuid to Xorg as I'm the only user with access to my desktop. Would thjs be very unwise?
Reply With Quote
Old 28th October 2018
fvgit's Avatar
fvgit fvgit is offline
Spikes in tights
 
Join Date: May 2016
Location: perl -MMIME::Base64 -le 'print decode_base64("U2hlcndvb2QgRm9yZXN0")'
Posts: 179
Default

If you do that, someone who manages to compromise your box remotely by any 3rd party software, for instance browser, irc, anything networked etc. will have priviledge escalation presented on a silver platter.

Think of it this way: this was a bug in the base system. Who knows how many exploitable bugs (in one way or another) are lingering undetected somewhere in the ports tree?

Your threat assesment probably depends on your level of paranoia. I know I wouldn't do it.

EDIT: I just realised your system is in a post patch state, which means the dangerous option was removed IIRC. But still, you'd be giving a binary unnecessary priviledges which you don't really need.

Last edited by fvgit; 28th October 2018 at 07:16 PM.
Reply With Quote
Old 28th October 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,708
Default

Quote:
Originally Posted by acampbell View Post
...unwise?
Yes, I believe it is unwise. True, you are the only user with physical access to your workstation. And yes, this is considered a local exploit. Unfortunately, physical access is not required to execute local programs. Consider:

  • You use a browser.
  • You browser executes instructions locally, which are sent to it from remote websites. (the obvious example: JavaScript)
  • You connect to websites you explicitly intend to connect to, such as this one.
  • You also connect to many, many, many more websites than those you explicitly intend to connect to.
If you have operational issues using xenodm(1), which is the Project's recommended solution, then open a new thread discussing them.
Reply With Quote
Old 28th October 2018
acampbell acampbell is offline
Real Name: Anthony Campbell
Shell Scout
 
Join Date: Sep 2014
Location: London, UK
Posts: 106
Default

Thanks to both for replies. Makes sense. I hope the startx issue gets resolved later.

Meanwhile, I'll fiddle some more with Xenodm and if I can't find a solution I'll start a new thread as suggested.
Reply With Quote
Old 29th October 2018
TheTKS TheTKS is offline
Port Guard
 
Join Date: Sep 2018
Location: Canada
Posts: 14
Default

OpenBSDE 6.4 + XFCE, X wouldn't start for users but did for root after xserver patch - mostly recovered

Here's how I installed 6.4 with XFCE and mostly recovered after the xserver patch broke a few things

- Installed OpenBSD 6.4 with XFCE late this past week, not using xenodm, starting XFCE via command startxfce4, two local users (one in wheel group, one not - I'm using this installation to learn OpenBSD)
- XFCE started from console via startxfce4 command and worked as expected for root and each user, installed a few packages
- After patch, XFCE opened and worked as expected only for root. For both wheel and non-wheel users, XFCE and wm's would not launch as described in OpenBSD Misc mailing list thread titled "can't start X in 6.4"
- Enabled and started xenodm, rebooted
- XFCE still launched and ran normally for root, signing in from xenodm sign in page
- Users launched in fvwm from xenodm sign in page. From console, if I ran startxfce4, panels would appear, but XFCE wallpaper didn't and windows were fvwm
- To each of /root, /home/UserInWheelGroup and /home/UserNotInWheelGroup, I used nano to create .xsession with command *startxfce4 [edited] exec startxfce4*, rebooted
- Now XFCE launches and runs normally for wheel and non-wheel users from xenodm sign in page
- Now can't sign in as root from xenodm sign in page. Is this normal? If so, fine (but how do I sign in as root, if I want to?) If not, then I still have to figure this bit out.

TKS


Sources
- RibaLinux instructions to install 6.0 with XFCE (but skipping some steps and adapting instructions to 6.4)
- OpenBSD Misc mailing list, thread titled "can't start X in 6.4". Theo said switch to xenodm.
- https://www.openbsd.org/faq/faq11.html "The X Window system"
- Posts in this thread earlier than this one. Special thanks to jggimi in post 7.

Last edited by TheTKS; 29th October 2018 at 03:10 AM. Reason: Typo, clarification, correction
Reply With Quote
Old 29th October 2018
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,253
Default

Quote:
Originally Posted by TheTKS View Post
- Now can't sign in as root from xenodm sign in page. Is this normal? If so, fine (but how do I sign in as root, if I want to?) If not, then I still have to figure this bit out.
By default, there are 5 virtual terminals with Xorg/Xfce4 taking the 5th (Mueller Pun).

<Ctrl>+<Alt>+<F3> will bring up the 3rd Virtual terminal and you can login as root or a user.
Reply With Quote
Old 29th October 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,708
Default

Quote:
Originally Posted by TheTKS View Post
...Now can't sign in as root from xenodm sign in page. Is this normal?
No. If you have NO .xsession file, root will log on with the fvwm(1) window manager. It is likely that your /root/.xsession file is misconfigured. There might be errors listed within /var/log/xenodm.log.

It is possible to prevent root login through setting the Authentication Widget xlogin.Login.allowRootLogin to false, but this would have been something you would have been aware of doing.
Reply With Quote
Old 29th October 2018
TheTKS TheTKS is offline
Port Guard
 
Join Date: Sep 2018
Location: Canada
Posts: 14
Default

@shep, @jggimi, thanks, I will use Ctrl Alt F3 if needed until I figure out how to fix this, and I will look at /var/log/xenodm.log and look again at /root/.xsession. I might just delete root's .xsession so the rare time I do sign in as root, it will always be very obvious, and I would learn how to work in a wm.

Also, I can su or su - from wheel user, so nothing is stopping me from becoming root as needed, but I'd still like to sort this out.

TKS
Reply With Quote
Old 29th October 2018
TheTKS TheTKS is offline
Port Guard
 
Join Date: Sep 2018
Location: Canada
Posts: 14
Default Lost x in 6.4 - Solved for my needs

First of all, thanks to Theo De Raadt, jggimi and shep for advice on the OpenBSD Misc mailing list and in posts above:

- I had a working 6.4 with XFCE, with wheel and non-wheel users, launching XFCE on each sign in from console with "startxfce4". I had not enabled xenodm and hadn't added .xinitrc
- After applying the xserver patch, I lost the ability to start x and xfce4 for users but could still launch xfce as root (same error reported by others)
- I enabled xenodm and added .xsessions to my users and to root to exec startxfce4. Then from xenodm sign in screen, users could then sign in with XFCE launching, but root couldn't sign in at all.
- I deleted the .xsession with exec startxfce4 I had just created
- Now I can sign in from xenodm sign in screen as non-wheel or as wheel user with a working XFCE session, and as root with fvwm

A bit more detail (for more background, see my earlier posts and responses here by jggimi and shep, and the OpenBSD Misc mailing list):
- Specifically, the behaviour I encountered after enabling xenodm and adding .xsession files to my two users and to root, with the single instruction exec startxfce4 in each .xsession, was that after trying to sign in from xenodm as root, I would momentarily get a black screen then be brought back to the xenodm signin screen. Both users could sign in from xenodm and be brought into XFCE
- root's .xsession-errors showed something like "can't find startxfce4". I also tried just xfce4 and just xfce, with same behaviour. These did not appear in the .xsession-errors of the two users.
- I will assume one of: I missed or incorrectly configured something in the XFCE DE installation; it's an XFCE bug; it's an XFCE feature.

TKS
Reply With Quote
Old 29th October 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,708
Default

Quote:
...root's .xsession-errors showed something like "can't find startxfce4"
This is a $PATH problem.

In /home/root/.xsession, try using the fully qualified executable: exec /usr/local/bin/startxfce4

If that fails to function properly, you could add /usr/local/bin to root's $PATH if it is not already there.

Last edited by jggimi; 29th October 2018 at 04:28 PM. Reason: clarity
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Hosting a Windows VM on OpenBSD girarde OpenBSD Packages and Ports 2 27th December 2015 12:42 AM
User Store, Auth, VPN and Multi-user apps/software montie OpenBSD Packages and Ports 9 9th January 2015 09:51 PM
New OpenBSD installation on HDD with Windows cableguy OpenBSD Installation and Upgrading 8 3rd April 2014 10:57 PM
WOL windows 7 from openbsd sputnik General software and network 0 9th April 2013 08:18 AM
New OpenBSD User codeFreak OpenBSD General 3 18th February 2011 02:43 AM


All times are GMT. The time now is 03:08 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick