Re: [hackers] [PATCH] [slock] Remove faulty example and add a section on security considerations

From: FRIGN <dev_AT_frign.de>
Date: Wed, 28 Sep 2016 21:48:25 +0200

On Wed, 28 Sep 2016 21:41:36 +0200
Klemens Nanni <kl3_AT_posteo.org> wrote:

Hey Klemens,

> I removed media upload and SMS support since those features can easily
> be added using a small wrapper script.

I don't see the gain anyway with that but to each his own. If somebody
tried to access my computer, it gives the red color, which is
sufficient. All the cruft introduced with these changes just makes
slock more insecure.

> Setting `DontVTSwitch' in xorg.conf(5) disables this feature
> completely whereas chjj's fork (which mine is based on) blocks it in
> slock only, which is imho a much saner approach since there are many
> legitimate reasons to use multiple virtual terminals.

Can you point me to the piece of code that disables VT-switching in
your fork? I couldn't find it.

> Same story for `DontZap': I like quickly killing X with Ctrl+Alt+BS
> while this should obviously be forbidden on a locked screen.

What you do is call
        system("doas setxkbmap -option &");
which disables Ctrl+Alt+Backspace for the entire session. So you can
only kill your X server until you have locked your screen once. It
won't work afterwards, which sucks and is unpredictable.

Cheers

FRIGN

-- 
FRIGN <dev_AT_frign.de>
Received on Wed Sep 28 2016 - 21:48:25 CEST
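
A save-and-restore alternative to clearing the XKB options for the whole session, as an added example that is not part of the original message, of slock, or of either fork: a shell wrapper that drops only `terminate:ctrl_alt_bksp` while slock runs and puts the previous options back afterwards. The function names and the sample `setxkbmap -query` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from slock or the forks discussed above).
# Idea: remove the Ctrl+Alt+Backspace "zap" option only while the screen is
# locked, then restore whatever options the session had before.

# Constructed sample of `setxkbmap -query` output, used for offline checks.
SAMPLE_QUERY='rules:      evdev
model:      pc105
layout:     us
options:    terminate:ctrl_alt_bksp,caps:escape'

# Print the comma-separated option list from `setxkbmap -query` output (stdin).
# Prints nothing when the session has no options set.
xkb_options() {
    sed -n 's/^options:[[:space:]]*//p'
}

# Print the option list $1 with terminate:ctrl_alt_bksp removed.
strip_zap() {
    printf '%s\n' "$1" | tr ',' '\n' \
        | sed '/^terminate:ctrl_alt_bksp$/d' | paste -sd, -
}

# Replace the session's XKB options with the list in $1 (may be empty).
set_options() {
    setxkbmap -option ''                  # an empty name clears all options
    if [ -n "$1" ]; then
        setxkbmap -option "$1"
    fi
}

# Lock the screen with zapping disabled, then restore the saved options.
lock_without_zap() {
    saved=$(setxkbmap -query | xkb_options)
    set_options "$(strip_zap "$saved")"
    slock                                 # blocks until the screen is unlocked
    set_options "$saved"                  # zap works again after unlocking
}

# Only touch the X session when asked to, so the helpers can be sourced.
if [ "${1:-}" = "--lock" ]; then
    lock_without_zap
fi
```

Run as `sh wrapper.sh --lock` (the file name is hypothetical); without the argument the script only defines the helpers.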
