On 9 April 2018 at 04:47, Tom Grace lists-in@deathbycomputers.co.uk wrote:
On 09/04/2018 07:47, Nicolas Kovacs wrote:
I didn't know a screensaver was that critical.
It's critical in that XScreenSaver deals with locking the screen/dealing with passwords. I believe the fancy animation bits are separate.
xscreensaver is security critical for the following reasons:

1. Several of the screensavers take user input which may not be the main user. If the software has a security problem, those plugins could overwrite the user's data.
2. If the user is expecting that the xscreensaver is locking out a user and it does not, then that is security related.
3. The way X works is that every X application can listen to all mouse and keyboard actions. This also has a security context.
For many sites, any of these make Xscreensaver into a high security item. It makes perfect sense from jwz's point of view because several times something 'simple' in xscreensaver code has turned into a meltdown somewhere. And the fact that people email him before emailing the EPEL maintainer or opening a bugzilla about it says his time is better served saying "not my problem mate."