https://bugzilla.xfce.org/show_bug.cgi?id=8993
--- Comment #9 from Guido Berhoerster <[email protected]> --- (In reply to Steve Dodier-Lazaro from comment #8) > I am against this patch being applied. Xflock4 already needs fixing in that > it allows people to launch arbitrary screensavers (e.g. > ~/.local/bin/xscreensaver) by tweaking their session environment, which is > insecure. > > The locker could of course have a form of xfconf key to help users choose > their screensaver, but all screensavers should be looked up exclusively in > /usr, and we should check the actual binaries are owned by root. I'll make a > separate report with more details about that. Steve, please do so on bug #10217 so that it is all in one place and have a look at comments #20, #21, and #22 (you can ignore the rest) about a sane redesign and reliable locking as proposed by Eric, me and Simon. I'm afraid this is a messy topic with lots of different bug reports where people try to add ever more layers upon a fundamentally flawed design we currently have. > Wrt. the patch itself, why not add the content of the xfconf key to the > existing locker lists? And in fact if there are two very specific > behaviours, two separate xfconf keys could be used. In any case the script > would need to be rewritten to ensure it picks the list with the user-chosen > locker first. No need to, the script just needs to go away, see the proposal in bug #10217. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ Xfce-bugs mailing list [email protected] https://mail.xfce.org/mailman/listinfo/xfce-bugs
