[CentOS] XScreenSaver

Tue Apr 10 13:46:31 UTC 2018
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Mon, April 9, 2018 8:34 pm, Stephen John Smoogen wrote:
> On 9 April 2018 at 04:47, Tom Grace <lists-in at deathbycomputers.co.uk>
> wrote:
>> On 09/04/2018 07:47, Nicolas Kovacs wrote:
>>> I didn't know a screensaver was that critical.
>>
>> It's critical in that XScreenSaver deals with locking the screen/dealing
>> with passwords. I believe the fancy animation bits are separate.
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>
> xscreensaver is security critical for the following reasons:
> 1. Several of the screensavers take user input which may not be the
> main user. If the software has a security problem. those plugins could
> overwrite the users data.
> 2. If the user is expecting that the xscreensaver is locking out a
> user and it does not then that is security related
> 3. The way X works is that every X application can listen to all mouse
> and keyboard actions. This also has a security context.
>
> For many sites, any of these make Xscreensaver into a high security
> item. It makes perfect sense from jwz's point of view because several
> times something 'simple' in an xscreensaver code has turned into a
> meltdown somewhere. And the fact that people email him before emailing
> the EPEL maintainer or opening a bugzilla about it says his time is
> better served saying "not my problem mate."

Thanks, Stephen, for returning the sanity to the World!

Valeri

>
> --
> Stephen J Smoogen.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++