Package: xscreensaver
Version: 5.42+dfsg1-1
Severity: important

Dear Maintainer,

Ever since I installed the magic-wormhole package, I have noticed that 
xscreensaver occasionally throws an error on the screen as follows:

```
Usage: wormhole [OPTIONS] COMMAND [ARGS]...
Try "wormhole --help" for help.

Error: no such option: -r
```

Luckily, invoking magic-wormhole with invalid options does not result in 
anything dangerous happening, but it raises the question whether potentially 
dangerous unintended behaviour is possible.

I believe this happens because xscreensaver is searching for known screensaver 
binaries, and finding `wormhole` in the PATH it blindly assumes that this is 
the `wormhole` from xscreensaver-data-extra, but it is not installed.

xscreensaver SHOULD search for screensavers only in /usr/lib/xscreensaver, 
where other packages are expected to install them. Any other executable on the 
PATH which may happen to have the same name as a known screensaver MUST NOT be 
invoked, as this may result in unintended behaviour.

Beware for example that `zoom` is the name of a known screensaver. I am glad 
that I do not have xscreensaver and zoom.us installed on the same machine. :-)

Andrew.


-- System Information:
Debian Release: 10.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'oldoldstable'), (500, 'stable'), 
(500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-0.bpo.2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_IE:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xscreensaver depends on:
ii  libatk1.0-0          2.30.0-2
ii  libc6                2.28-10
ii  libcairo2            1.16.0-4
ii  libfontconfig1       2.13.1-2
ii  libfreetype6         2.9.1-3+deb10u1
ii  libgdk-pixbuf2.0-0   2.38.1+dfsg-1
ii  libglade2-0          1:2.6.4-2+b1
ii  libglib2.0-0         2.58.3-2+deb10u2
ii  libgtk2.0-0          2.24.32-3
ii  libice6              2:1.0.9-2
ii  libpam0g             1.3.1-5
ii  libpango-1.0-0       1.42.4-8~deb10u1
ii  libpangocairo-1.0-0  1.42.4-8~deb10u1
ii  libpangoft2-1.0-0    1.42.4-8~deb10u1
ii  libsm6               2:1.2.3-1
ii  libx11-6             2:1.6.7-1
ii  libxext6             2:1.3.3-1+b2
ii  libxi6               2:1.7.9-1
ii  libxinerama1         2:1.1.4-2
ii  libxml2              2.9.4+dfsg1-7+b3
ii  libxmu6              2:1.1.2-2+b3
ii  libxrandr2           2:1.5.1-1
ii  libxrender1          1:0.9.10-1
ii  libxt6               1:1.1.5-1+b3
ii  libxxf86vm1          1:1.1.4-1+b2
ii  xscreensaver-data    5.42+dfsg1-1

Versions of packages xscreensaver recommends:
ii  libjpeg-turbo-progs   1:1.5.2-2+b1
ii  perl                  5.28.1-6
ii  wamerican [wordlist]  2018.04.16-1

Versions of packages xscreensaver suggests:
ii  firefox-esr [www-browser]  68.8.0esr-1~deb10u1
pn  fortune                    <none>
ii  gdm3                       3.30.2-3
ii  links [www-browser]        2.18-2
ii  lynx [www-browser]         2.8.9rel.1-3
pn  qcam | streamer            <none>
ii  w3m [www-browser]          0.5.3-37
pn  xdaliclock                 <none>
pn  xfishtank                  <none>
pn  xscreensaver-data-extra    <none>
pn  xscreensaver-gl            <none>
pn  xscreensaver-gl-extra      <none>

-- no debconf information

Reply via email to