On Mon, April 9, 2018 8:34 pm, Stephen John Smoogen wrote:
> On 9 April 2018 at 04:47, Tom Grace <lists-in at deathbycomputers.co.uk>
> wrote:
>> On 09/04/2018 07:47, Nicolas Kovacs wrote:
>>> I didn't know a screensaver was that critical.
>>
>> It's critical in that XScreenSaver deals with locking the screen/dealing
>> with passwords. I believe the fancy animation bits are separate.
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>
> xscreensaver is security critical for the following reasons:
> 1. Several of the screensavers take user input which may not be the
> main user. If the software has a security problem, those plugins could
> overwrite the user's data.
> 2. If the user is expecting that the xscreensaver is locking out a
> user and it does not then that is security related
> 3. The way X works is that every X application can listen to all mouse
> and keyboard actions. This also has a security context.
>
> For many sites, any of these make Xscreensaver into a high security
> item. It makes perfect sense from jwz's point of view because several
> times something 'simple' in an xscreensaver code has turned into a
> meltdown somewhere. And the fact that people email him before emailing
> the EPEL maintainer or opening a bugzilla about it says his time is
> better served saying "not my problem mate."

Thanks, Stephen, for returning the sanity to the World!

Valeri

>
> --
> Stephen J Smoogen.

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++