[Xfce-bugs] [Bug 8993] [PATCH] Extend xflock4 with custom screensaver application support

[bugzilla-daemon at xfce.org]

https://bugzilla.xfce.org/show_bug.cgi?id=8993

--- Comment #9 from Guido Berhoerster <gber at opensuse.org> ---
(In reply to Steve Dodier-Lazaro from comment #8)
> I am against this patch being applied. Xflock4 already needs fixing in that
> it allows people to launch arbitrary screensavers (e.g.
> ~/.local/bin/xscreensaver) by tweaking their session environment, which is
> insecure.
> 
> The locker could of course have a form of xfconf key to help users choose
> their screensaver, but all screensavers should be looked up exclusively in
> /usr, and we should check the actual binaries are owned by root. I'll make a
> separate report with more details about that.

Steve, please do so on bug #10217 so that it is all in one place and have a
look at comments #20, #21, and #22 (you can ignore the rest) about a sane
redesign and reliable locking as proposed by Eric, me and Simon.

I'm afraid this is a messy topic with lots of different bug reports where
people try to add ever more layers upon a fundamentally flawed design we
currently have.

> Wrt. the patch itself, why not add the content of the xfconf key to the
> existing locker lists? And in fact if there are two very specific
> behaviours, two separate xfconf keys could be used. In any case the script
> would need to be rewritten to ensure it picks the list with the user-chosen
> locker first.

No need to, the script just needs to go away, see the proposal in bug #10217.

-- 
You are receiving this mail because:
You are the assignee for the bug.