On Wed, Sep 28, 2016 at 09:09:24PM +0200, FRIGN wrote:
> I know this fork, and with the changes presented in this patch, slock is just as secure as his version. The difference is that he for instance implemented ways to upload webcam images to imgur, send SMS's and auto-shutdown when the user tries to switch VT's.
I removed media upload and SMS support since those features can easily be added using a small wrapper script.
> I think these changes are not necessary. If somebody tries to change VT's, so be it! Especially because the shutdown sequence can open other attack surfaces, which he also took care of mostly, by disallowing the use of Sysrq in the shutdown sequence. In my opinion, with a strong password and setting the configs as in the manpage, slock is damn secure. It honestly took me a few days to analyze the "paranoid" slock fork to find out that what I did was sufficient.
Setting `DontVTSwitch' in xorg.conf(5) disables this feature completely whereas chjj's fork (which mine is based on) blocks it in slock only, which is imho a much saner approach since there are many legitimate reasons to use multiple virtual terminals. Same story for `DontZap': I like quickly killing X with Ctrl+Alt+BS while this should obviously be forbidden on a locked screen.

Best regards,
kl3
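An added example, not part of the original message or of slock: a small Python check that reports whether the global `DontVTSwitch` and `DontZap` server flags discussed above are enabled in an xorg.conf text, following the boolean-option rules in xorg.conf(5). The function names and both sample configurations are constructed for illustration.

```python
import re

# Boolean spellings accepted by xorg.conf(5); an Option with no value is true.
TRUE = {"1", "on", "true", "yes"}
FALSE = {"0", "off", "false", "no"}
AUDITED = ("dontvtswitch", "dontzap")

def norm(name):
    # Option and section names ignore case, spaces, tabs and underscores.
    return re.sub(r"[ \t_]", "", name).lower()

def server_flags(text):
    """Return {normalized option name: bool} from ServerFlags sections."""
    flags, section = {}, None
    for raw in text.splitlines():
        body = raw.split("#", 1)[0]  # simplification: '#' starts a comment
        words = [q or b for q, b in re.findall(r'"([^"]*)"|(\S+)', body)]
        if not words:
            continue
        key = words[0].lower()
        if key == "section" and len(words) > 1:
            section = norm(words[1])
        elif key == "endsection":
            section = None
        elif key == "option" and section == "serverflags" and len(words) > 1:
            name = norm(words[1])
            value = words[2].lower() if len(words) > 2 else "true"
            if value not in TRUE | FALSE:
                continue  # not a boolean value, ignore
            on = value in TRUE
            # A "No" prefix negates a boolean option, e.g. "NoDontZap".
            if name.startswith("no") and name[2:] in AUDITED:
                name, on = name[2:], not on
            flags[name] = on
    return flags

def unset_lock_flags(text):
    """Audited flags that are off or absent (absent is treated as off)."""
    flags = server_flags(text)
    return [n for n in AUDITED if not flags.get(n, False)]

# Constructed sample configurations, not taken from any real system.
SAMPLE_GLOBAL = ('Section "ServerFlags"\n Option "Dont VT Switch" "on"\n'
                 ' Option "DontZap"  # no value means true\nEndSection\n')
SAMPLE_PARTIAL = ('Section "ServerFlags"\n Option "DontVTSwitch" "yes"\n'
                  ' Option "NoDontZap"\nEndSection\n'
                  'Section "InputClass"\n Option "DontZap" "true"\nEndSection\n')

if __name__ == "__main__":
    for label, conf in (("global", SAMPLE_GLOBAL), ("partial", SAMPLE_PARTIAL)):
        print(label, "not enforced:", unset_lock_flags(conf) or "none")
```

A flag reported here is only unset server-wide; a locker that blocks VT switching itself, as described in the message, does not depend on it.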