xlockmore - serious security issue
Peter Jeremy
peterjeremy at optushome.com.au
Sun Jan 14 18:28:47 UTC 2007
[I'm not sure why this thread is being resurrected after 6 months]
On Sat, 2007-Jan-13 22:19:49 +0300, Andrew Pantyukhin wrote:
>On 6/14/06, Simon L. Nielsen <simon at freebsd.org> wrote:
>>On 2006.06.13 18:51:48 +0400, Andrew Pantyukhin wrote:
>>> On 6/13/06, Anish Mistry <amistry at am-productions.biz> wrote:
>>> >On Tuesday 13 June 2006 07:54, Andrew Pantyukhin wrote:
>>> >> On 6/13/06, Anton Berezin <tobez at tobez.org> wrote:
>>> >> > On Tue, Jun 13, 2006 at 03:18:16PM +0400, Andrew Pantyukhin wrote:
>>> >> > > The problem is that xlockmore exits all by itself when
>>> >> > > left alone for a couple of days. It works all right overnight,
>>> >> > > but when left for the weekend, it almost certainly fails. I
>>> >> > > just come to work and see that my workstation is unlocked,
>>> >> > > what a surprise.
I came across this problem several years ago. I drive xlock from
another program (that records my working time) so I just modified my
calling program to loop until xlock exits normally. As a result,
when xlock crashes, I see the unlocked screen flash and then relock.
That's good enough for me.
>Now that we had this discussion, I only use the swarm
>mode and never had any problems with it. But what
>about those who still don't know about the issues?
I agree that this would be an issue for some people. It's not clear
to me that it's enough of an issue to forbid the port.
>I'm quite sure an ignorable/overlookable message is
>not enough.
This is a generic problem with the existing pkg_message approach.
> A user must fully understand all the
>implications of this software being used. If it's
>fundamentally flawed, let's forbid/remove it _until_
>the author has a statement for us, not after that.
As an alternative, how about we just install xlock in ${X11BASE}/libexec
and have ${X11BASE}/bin/xlock be something like:
#!/bin/sh
until ${X11BASE}/libexec/xlock "$@" ; do true; done
(Add error checking as necessary).
--
Peter Jeremy
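
The wrapper proposed in this message, with some of the error checking it leaves open, as an added example that is not part of the original post or of the port. The default `LOCKER` path and the names `relock_loop`, `MAX_FAST_FAILS` and `FAST_SECS` are assumptions, as is the premise (shared with the loop above) that xlock exits 0 only on a normal unlock.

```sh
#!/bin/sh
# Added example, not the port's script. LOCKER is a hypothetical default path.
LOCKER="${LOCKER:-/usr/local/libexec/xlock}"
MAX_FAST_FAILS="${MAX_FAST_FAILS:-5}"  # consecutive quick failures tolerated
FAST_SECS="${FAST_SECS:-2}"            # a run shorter than this is "quick"

# Run the locker until it exits 0 (assumed to mean a normal unlock).
relock_loop() {
    fast_fails=0
    launches=0
    while :; do
        start=$(date +%s)
        launches=$((launches + 1))
        "$LOCKER" "$@" && return 0
        status=$?
        # 126/127: the shell could not execute the locker, so a retry
        # cannot help and would only spin.
        if [ "$status" -eq 126 ] || [ "$status" -eq 127 ]; then
            echo "xlock wrapper: cannot run $LOCKER (status $status)" >&2
            return "$status"
        fi
        # Count failures right after launch (for example, no usable
        # display); a crash after a long run resets the counter.
        elapsed=$(( $(date +%s) - start ))
        if [ "$elapsed" -lt "$FAST_SECS" ]; then
            fast_fails=$((fast_fails + 1))
        else
            fast_fails=0
        fi
        # Giving up leaves the display unlocked, so say so loudly.
        if [ "$fast_fails" -ge "$MAX_FAST_FAILS" ]; then
            echo "xlock wrapper: $LOCKER fails at startup, NOT locked" >&2
            return "$status"
        fi
        # A status above 128 means the locker died on a signal.
        echo "xlock wrapper: locker exited $status, relocking" >&2
    done
}

# Run the loop only when this file is installed under the name xlock.
case "$0" in
    */xlock|xlock) relock_loop "$@" ;;
esac
```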