https://bugzilla.xfce.org/show_bug.cgi?id=8993
Steve Dodier-Lazaro <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #8 from Steve Dodier-Lazaro <[email protected]> --- I am against this patch being applied. Xflock4 already needs fixing in that it allows people to launch arbitrary screensavers (e.g. ~/.local/bin/xscreensaver) by tweaking their session environment, which is insecure. The locker could of course have a form of xfconf key to help users choose their screensaver, but all screensavers should be looked up exclusively in /usr, and we should check the actual binaries are owned by root. I'll make a separate report with more details about that. Wrt. the patch itself, why not add the content of the xfconf key to the existing locker lists? And in fact if there are two very specific behaviours, two separate xfconf keys could be used. In any case the script would need to be rewritten to ensure it picks the list with the user-chosen locker first. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ Xfce-bugs mailing list [email protected] https://mail.xfce.org/mailman/listinfo/xfce-bugs
