xlockmore - serious security issue

Anish Mistry amistry at am-productions.biz
Tue Jun 13 15:07:55 UTC 2006 

On Tuesday 13 June 2006 10:51, Andrew Pantyukhin wrote:
> On 6/13/06, Anish Mistry <amistry at am-productions.biz> wrote:
> > On Tuesday 13 June 2006 07:54, Andrew Pantyukhin wrote:
> > > On 6/13/06, Anton Berezin <tobez at tobez.org> wrote:
> > > > On Tue, Jun 13, 2006 at 03:18:16PM +0400, Andrew Pantyukhin 
wrote:
> > > > > For months I've been in doubt, holding my own insanity
> > > > > responsible for compromising my own workstation for
> > > > > several times on end.
> > > > >
> > > > > The problem is that xlockmore exits all by itself when
> > > > > left alone for a couple of days. It works all right
> > > > > overnight, but when left for the weekend, it almost
> > > > > certainly fails. I just come to work and see that my
> > > > > workstation is unlocked, what a surprise.
> > > > >
> > > > > At first I was sure that xlockmore could not just fail like
> > > > > that, that it was me who forgot to launch it before
> > > > > leaving. But for the last few times (over a month,
> > > > > considering that I can only experiment at weekends), I made
> > > > > a strong mental note about me launching xlock (I do it from
> > > > > the fluxbox context menu, btw).
> > > > >
> > > > > Has anyone experienced this? My xlockmore is compiled
> > > > > without any knobs tweaked. I use 5.22 and I'm not sure
> > > > > if this problem was there in 5.21 or earlier versions. What
> > > > > I am sure of is that I've used xlockmore for over a year
> > > > > and never had this problem until a few months back.
> > > >
> > > > Any coredumps?
> > >
> > > Nope. None at all.
> > >
> > > > What -modes do you use?  Other command line parameters?
> > >
> > > I just run "xlock". No args.
> > >
> > > > Sounds like a random -mode failure to me.
> > >
> > > Now that you mention it, it does. I'll try to stick to swarm. I
> > > kinda like random modes, though.
> >
> > I just stick with a blank screen and works fine for several weeks
> > at a time.  I found some of the GL screensavers to cause
> > problems.
>
> Ask me - we should mark this port forbidden and/or make
> and entry in vuxml until we resolve this issue. Let's make
> blank screen the default behavior or something. To leave
> this as is is unacceptable.
I think making the blank screen default or disabling the GL modes and 
marking it forbidden if you toggle the switch to enable the GL modes, 
should be sufficient.  Ideally someone who cares about the GL modes 
should probably look into fixing the problem.

-- 
Anish Mistry
amistry at am-productions.biz
AM Productions http://am-productions.biz/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060613/ff56bf44/attachment.pgp

More information about the freebsd-ports mailing list