Re: XScreenSaver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, April 9, 2018 8:34 pm, Stephen John Smoogen wrote:
> On 9 April 2018 at 04:47, Tom Grace <lists-in@xxxxxxxxxxxxxxxxxxxxxx>
> wrote:
>> On 09/04/2018 07:47, Nicolas Kovacs wrote:
>>> I didn't know a screensaver was that critical.
>>
>> It's critical in that XScreenSaver deals with locking the screen/dealing
>> with passwords. I believe the fancy animation bits are separate.
>> _______________________________________________
>> CentOS mailing list
>> CentOS@xxxxxxxxxx
>> https://lists.centos.org/mailman/listinfo/centos
>
> xscreensaver is security critical for the following reasons:
> 1. Several of the screensavers take user input which may not be the
> main user. If the software has a security problem. those plugins could
> overwrite the users data.
> 2. If the user is expecting that the xscreensaver is locking out a
> user and it does not then that is security related
> 3. The way X works is that every X application can listen to all mouse
> and keyboard actions. This also has a security context.
>
> For many sites, any of these make Xscreensaver into a high security
> item. It makes perfect sense from jwz's point of view because several
> times something 'simple' in an xscreensaver code has turned into a
> meltdown somewhere. And the fact that people email him before emailing
> the EPEL maintainer or opening a bugzilla about it says his time is
> better served saying "not my problem mate."

Thanks, Stephen, for returning the sanity to the World!

Valeri

>
> --
> Stephen J Smoogen.
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux