Date: Mon, 15 Jan 2007 05:28:41 +1100 From: Peter Jeremy <peterjeremy@optushome.com.au> To: infofarmer@freebsd.org Cc: Doug Barton <dougb@freebsd.org>, Tobias Roth <ports@fsck.ch>, UMENO Takashi <umeno@rr.iij4u.or.jp>, FreeBSD Ports <ports@freebsd.org>, "Simon L. Nielsen" <simon@freebsd.org>, Anish Mistry <amistry@am-productions.biz> Subject: Re: xlockmore - serious security issue Message-ID: <20070114182841.GM11085@turion.vk2pj.dyndns.org> In-Reply-To: <cb5206420701131119o39a9a894wc48743ede116fcd8@mail.gmail.com> References: <cb5206420606130418x706ccd61t5840bd2b0c00f61b@mail.gmail.com> <20060613113151.GC8105@heechee.tobez.org> <cb5206420606130454i2c4fac71m53c7b2d81839e7dd@mail.gmail.com> <200606131037.58401.amistry@am-productions.biz> <cb5206420606130751s65808df2rb39b2ebb163757c4@mail.gmail.com> <20060613234027.GC1074@zaphod.nitro.dk> <cb5206420701131119o39a9a894wc48743ede116fcd8@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--ftEhullJWpWg/VHq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
[I'm not sure why this thread is being resurrected after 6 months]
On Sat, 2007-Jan-13 22:19:49 +0300, Andrew Pantyukhin wrote:
>On 6/14/06, Simon L. Nielsen <simon@freebsd.org> wrote:
>>On 2006.06.13 18:51:48 +0400, Andrew Pantyukhin wrote:
>>> On 6/13/06, Anish Mistry <amistry@am-productions.biz> wrote:
>>> >On Tuesday 13 June 2006 07:54, Andrew Pantyukhin wrote:
>>> >> On 6/13/06, Anton Berezin <tobez@tobez.org> wrote:
>>> >> > On Tue, Jun 13, 2006 at 03:18:16PM +0400, Andrew Pantyukhin wrote:
>>> >> > > The problem is that xlockmore exits all by itself when
>>> >> > > left alone for a couple of days. It works all right overnight,
>>> >> > > but when left for the weekend, it almost certainly fails. I
>>> >> > > just come to work and see that my workstation is unlocked,
>>> >> > > what a surprise.
I came across this problem several years ago. I drive xlock from
another program (that records my working time) so I just modified my
calling program to loop until xlock exits normally. As a result,
when xlock crashes, I see the unlocked screen flash and then relock.
That's good enough for me.
>Now that we had this discussion, I only use the swarm
>mode and never had any problems with it. But what
>about those who still don't know about the issues?
I agree that this would be an issue for some people. It's not clear
to me that it's enough of an issue to forbid the port.
>I'm quite sure an ignorable/overlookable message is
>not enough.
This is a generic problem with the existing pkg_message approach.
> A user must fully understand all the
>implications of this software being used. If it's
>fundamentally flawed, let's forbid/remove it _until_
>the author has a statement for us, not after that.
As an alternative, how about we just install xlock in ${X11BASE}/libexec
and have ${X11BASE}/bin/xlock be something like:
#!/bin/sh
until ${X11BASE}/libexec/xlock "$@" ; do true; done
(Add error checking as necessary).
--=20
Peter Jeremy
--ftEhullJWpWg/VHq
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)
iD8DBQFFqnZZ/opHv/APuIcRApB6AJ9PWyixJxtZyevgWzk0l6jeAi+fGACdErIp
sITpgBlO2yZRZhTyv+vkjS4=
=xgop
-----END PGP SIGNATURE-----
--ftEhullJWpWg/VHq--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070114182841.GM11085>