[Xfce-bugs] [Bug 8993] [PATCH] Extend xflock4 with custom screensaver application support

bugzilla-daemon at xfce.org bugzilla-daemon at xfce.org
Sat Feb 7 12:37:22 CET 2015


https://bugzilla.xfce.org/show_bug.cgi?id=8993

Steve Dodier-Lazaro <sidnioulz at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sidnioulz at gmail.com

--- Comment #8 from Steve Dodier-Lazaro <sidnioulz at gmail.com> ---
I am against this patch being applied. Xflock4 already needs fixing in that it
allows people to launch arbitrary screensavers (e.g. ~/.local/bin/xscreensaver)
by tweaking their session environment, which is insecure.

The locker could of course have a form of xfconf key to help users choose their
screensaver, but all screensavers should be looked up exclusively in /usr, and
we should check the actual binaries are owned by root. I'll make a separate
report with more details about that.

Wrt. the patch itself, why not add the content of the xfconf key to the
existing locker lists? And in fact if there are two very specific behaviours,
two separate xfconf keys could be used. In any case the script would need to be
rewritten to ensure it picks the list with the user-chosen locker first.

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the Xfce-bugs mailing list