From owner-freebsd-ports@FreeBSD.ORG  Sun Jan 14 18:28:47 2007
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
X-Original-To: ports@freebsd.org
Delivered-To: freebsd-ports@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id CF09816A40F;
	Sun, 14 Jan 2007 18:28:47 +0000 (UTC)
	(envelope-from peterjeremy@optushome.com.au)
Received: from turion.vk2pj.dyndns.org
	(c220-239-3-125.belrs4.nsw.optusnet.com.au [220.239.3.125])
	by mx1.freebsd.org (Postfix) with ESMTP id 499FF13C459;
	Sun, 14 Jan 2007 18:28:44 +0000 (UTC)
	(envelope-from peterjeremy@optushome.com.au)
Received: from turion.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1])
	by turion.vk2pj.dyndns.org (8.13.8/8.13.8) with ESMTP id l0EIShRI018648;
	Mon, 15 Jan 2007 05:28:43 +1100 (EST)
	(envelope-from peter@turion.vk2pj.dyndns.org)
Received: (from peter@localhost)
	by turion.vk2pj.dyndns.org (8.13.8/8.13.8/Submit) id l0EISfEY018647;
	Mon, 15 Jan 2007 05:28:41 +1100 (EST) (envelope-from peter)
Date: Mon, 15 Jan 2007 05:28:41 +1100
From: Peter Jeremy <peterjeremy@optushome.com.au>
To: infofarmer@freebsd.org
Message-ID: <20070114182841.GM11085@turion.vk2pj.dyndns.org>
References: <cb5206420606130418x706ccd61t5840bd2b0c00f61b@mail.gmail.com>
	<20060613113151.GC8105@heechee.tobez.org>
	<cb5206420606130454i2c4fac71m53c7b2d81839e7dd@mail.gmail.com>
	<200606131037.58401.amistry@am-productions.biz>
	<cb5206420606130751s65808df2rb39b2ebb163757c4@mail.gmail.com>
	<20060613234027.GC1074@zaphod.nitro.dk>
	<cb5206420701131119o39a9a894wc48743ede116fcd8@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="ftEhullJWpWg/VHq"
Content-Disposition: inline
In-Reply-To: <cb5206420701131119o39a9a894wc48743ede116fcd8@mail.gmail.com>
X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc
User-Agent: Mutt/1.5.13 (2006-08-11)
Cc: Doug Barton <dougb@freebsd.org>, Tobias Roth <ports@fsck.ch>,
	UMENO Takashi <umeno@rr.iij4u.or.jp>, FreeBSD Ports <ports@freebsd.org>,
	"Simon L. Nielsen" <simon@freebsd.org>,
	Anish Mistry <amistry@am-productions.biz>
Subject: Re: xlockmore - serious security issue
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Jan 2007 18:28:47 -0000


--ftEhullJWpWg/VHq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

[I'm not sure why this thread is being resurrected after 6 months]

On Sat, 2007-Jan-13 22:19:49 +0300, Andrew Pantyukhin wrote:
>On 6/14/06, Simon L. Nielsen <simon@freebsd.org> wrote:
>>On 2006.06.13 18:51:48 +0400, Andrew Pantyukhin wrote:
>>> On 6/13/06, Anish Mistry <amistry@am-productions.biz> wrote:
>>> >On Tuesday 13 June 2006 07:54, Andrew Pantyukhin wrote:
>>> >> On 6/13/06, Anton Berezin <tobez@tobez.org> wrote:
>>> >> > On Tue, Jun 13, 2006 at 03:18:16PM +0400, Andrew Pantyukhin wrote:
>>> >> > > The problem is that xlockmore exits all by itself when
>>> >> > > left alone for a couple of days. It works all right overnight,
>>> >> > > but when left for the weekend, it almost certainly fails. I
>>> >> > > just come to work and see that my workstation is unlocked,
>>> >> > > what a surprise.

I came across this problem several years ago.  I drive xlock from
another program (that records my working time) so I just modified my
calling program to loop until xlock exits normally.  As a result,
when xlock crashes, I see the unlocked screen flash and then relock.
That's good enough for me.

>Now that we had this discussion, I only use the swarm
>mode and never had any problems with it. But what
>about those who still don't know about the issues?

I agree that this would be an issue for some people.  It's not clear
to me that it's enough of an issue to forbid the port.

>I'm quite sure an ignorable/overlookable message is
>not enough.

This is a generic problem with the existing pkg_message approach.

> A user must fully understand all the
>implications of this software being used. If it's
>fundamentally flawed, let's forbid/remove it _until_
>the author has a statement for us, not after that.

As an alternative, how about we just install xlock in ${X11BASE}/libexec
and have ${X11BASE}/bin/xlock be something like:

#!/bin/sh
until ${X11BASE}/libexec/xlock "$@" ; do true; done

(Add error checking as necessary).
--=20
Peter Jeremy

--ftEhullJWpWg/VHq
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)

iD8DBQFFqnZZ/opHv/APuIcRApB6AJ9PWyixJxtZyevgWzk0l6jeAi+fGACdErIp
sITpgBlO2yZRZhTyv+vkjS4=
=xgop
-----END PGP SIGNATURE-----

--ftEhullJWpWg/VHq--