Package: xscreensaver Version: 5.42+dfsg1-1 Severity: important Dear Maintainer,
Ever since I installed the magic-wormhole package, I have noticed that xscreensaver occasionally throws an error on the screen as follows: ``` Usage: wormhole [OPTIONS] COMMAND [ARGS]... Try "wormhole --help" for help. Error: no such option: -r ``` Luckily, invoking magic-wormhole with invalid options does not result in anything dangerous happening, but it raises the question whether potentially dangerous unintended behaviour is possible. I believe this happens because xscreensaver is searching for known screensaver binaries, and finding `wormhole` in the PATH it blindly assumes that this is the `wormhole` from xscreensaver-data-extra, but it is not installed. xscreensaver SHOULD search for screensavers only in /usr/lib/xscreensaver, where other packages are expected to install them. Any other executable on the PATH which may happen to have the same name as a known screensaver MUST NOT be invoked, as this may result in unintended behaviour. Beware for example that `zoom` is the name of a known screensaver. I am glad that I do not have xscreensaver and zoom.us installed on the same machine. :-) Andrew. -- System Information: Debian Release: 10.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'oldoldstable'), (500, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.15.0-0.bpo.2-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE=en_IE:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages xscreensaver depends on: ii libatk1.0-0 2.30.0-2 ii libc6 2.28-10 ii libcairo2 1.16.0-4 ii libfontconfig1 2.13.1-2 ii libfreetype6 2.9.1-3+deb10u1 ii libgdk-pixbuf2.0-0 2.38.1+dfsg-1 ii libglade2-0 1:2.6.4-2+b1 ii libglib2.0-0 2.58.3-2+deb10u2 ii libgtk2.0-0 2.24.32-3 ii libice6 2:1.0.9-2 ii libpam0g 1.3.1-5 ii libpango-1.0-0 1.42.4-8~deb10u1 ii libpangocairo-1.0-0 1.42.4-8~deb10u1 ii libpangoft2-1.0-0 1.42.4-8~deb10u1 ii libsm6 2:1.2.3-1 ii libx11-6 2:1.6.7-1 ii libxext6 2:1.3.3-1+b2 ii libxi6 2:1.7.9-1 ii libxinerama1 2:1.1.4-2 ii libxml2 2.9.4+dfsg1-7+b3 ii libxmu6 2:1.1.2-2+b3 ii libxrandr2 2:1.5.1-1 ii libxrender1 1:0.9.10-1 ii libxt6 1:1.1.5-1+b3 ii libxxf86vm1 1:1.1.4-1+b2 ii xscreensaver-data 5.42+dfsg1-1 Versions of packages xscreensaver recommends: ii libjpeg-turbo-progs 1:1.5.2-2+b1 ii perl 5.28.1-6 ii wamerican [wordlist] 2018.04.16-1 Versions of packages xscreensaver suggests: ii firefox-esr [www-browser] 68.8.0esr-1~deb10u1 pn fortune <none> ii gdm3 3.30.2-3 ii links [www-browser] 2.18-2 ii lynx [www-browser] 2.8.9rel.1-3 pn qcam | streamer <none> ii w3m [www-browser] 0.5.3-37 pn xdaliclock <none> pn xfishtank <none> pn xscreensaver-data-extra <none> pn xscreensaver-gl <none> pn xscreensaver-gl-extra <none> -- no debconf information