On Mon, April 9, 2018 8:34 pm, Stephen John Smoogen wrote:
> On 9 April 2018 at 04:47, Tom Grace <lists...@deathbycomputers.co.uk>
>> On 09/04/2018 07:47, Nicolas Kovacs wrote:
>>> I didn't know a screensaver was that critical.
>> It's critical in that XScreenSaver deals with locking the screen/dealing
>> with passwords. I believe the fancy animation bits are separate.
>> CentOS mailing list
> xscreensaver is security critical for the following reasons:
> 1. Several of the screensavers take user input which may not be the
> main user. If the software has a security problem. those plugins could
> overwrite the users data.
> 2. If the user is expecting that the xscreensaver is locking out a
> user and it does not then that is security related
> 3. The way X works is that every X application can listen to all mouse
> and keyboard actions. This also has a security context.
> For many sites, any of these make Xscreensaver into a high security
> item. It makes perfect sense from jwz's point of view because several
> times something 'simple' in an xscreensaver code has turned into a
> meltdown somewhere. And the fact that people email him before emailing
> the EPEL maintainer or opening a bugzilla about it says his time is
> better served saying "not my problem mate."
Thanks, Stephen, for returning the sanity to the World!
> Stephen J Smoogen.
> CentOS mailing list
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
CentOS mailing list