Re: [hackers] [PATCH] [slock] Remove faulty example and add a section on security considerations

From: Markus Teich <markus.teich_AT_stusta.mhn.de>
Date: Wed, 28 Sep 2016 21:35:14 +0200

FRIGN wrote:
> > I don't think it is that obvious. Have a look at the discussion starting
> > from the slock-1.3 announcement on February 12th this year again. Since the
> > example does not work any more, changing it to `slock sudo s2ram` and adding
> > a note about the needed line in the sudo config so s2ram can be run without
> > a password would be better.
>
> the problem doesn't end there. Also, s2ram is Linux specific and in 99% of the
> cases you run unprivileged after-lock commands. To be honest, I expect any
> half-decent user to know how to set up doas or sudo.

Heyho,

it's called *example* for a reason. ;)

I think it serves two purposes very well:

1.) Hint the user that he can put his computer to sleep mode. Of course it's
Linux specific, but I estimate the probability of a non-Linux user being able to
adapt that higher than the probability of any user coming up with this use case
at all.

2.) Show that the post-lock command is not run as root by default. Obviously
sudo is just one way of regaining root for the post-lock command, but it's the
most common and known one and therefore fits well for an *example*. The example
sudo config line is not necessary however, so feel free to leave it out.

--Markus
Received on Wed Sep 28 2016 - 21:35:14 CEST
