ports/139676: maintainer update x11/xlockmore

David Wolfskill david at catwhisker.org
Fri Oct 16 17:40:02 UTC 2009 

The following reply was made to PR ports/139676; it has been noted by GNATS.

From: David Wolfskill <david at catwhisker.org>
To: freebsd-gnats-submit at FreeBSD.org
Cc:  
Subject: Re: ports/139676: maintainer update x11/xlockmore
Date: Fri, 16 Oct 2009 10:22:39 -0700

 --VbJkn9YxBvnuCH5J
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 Please note that the reason xlockmore 5.29.1 was released is that 5.29
 will fail if invoked from within certain "virtual" window managers.
 
 The failure is accompanied by a message:
 
 | X Error of failed request:  BadWindow (invalid Window parameter)
 |   Major opcode of failed request:  3 (X_GetWindowAttributes)
 |   Resource id in failed request:  0x45
 |   Serial number of failed request:  82
 |   Current serial number in output stream:  83
 
 and xlockmore fails to actually lock the screen.
 
 (I specifically observed it with the piewm and tvtwm window managers,
 and noted that the failure does not occur using the twm window
 manager.  I believe that in general, window managers based on tvtwm are
 susceptible.  It is possible that any "virtual" window manager is
 susceptible.)
 
 As a common way to invoke xlock(more) is via xautolock (in which case,
 the message is not generally displayed in a place where anyone would see
 it), the overall effect is that one would leave the computer, expecting
 that xlock(more) would offer at least some protection, while in fact,
 nothing of the sort happens: the machine is merely left logged in and
 unattended.
 
 This is probably a bit more of a security exposure than folks using
 xautolock would be likely to expect.  Getting this committed prior to
 the release of 8.0 would thus be welcome.
 
 (I have also verified that the fix is effective for both piewm and
 tvtwm.)
 
 Peace,
 david
 --=20
 David H. Wolfskill				david at catwhisker.org
 Depriving a girl or boy of an opportunity for education is evil.
 
 See http://www.catwhisker.org/~david/publickey.gpg for my public key.
 
 --VbJkn9YxBvnuCH5J
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.13 (FreeBSD)
 
 iEYEARECAAYFAkrYq94ACgkQmprOCmdXAD1iegCeOluAqFRdeqo4sdH0abTQr1Fq
 BT8An3Y8yJshIablGBS2POUjyRKynwa2
 =u9oA
 -----END PGP SIGNATURE-----
 
 --VbJkn9YxBvnuCH5J--

More information about the freebsd-ports-bugs mailing list