Re: [hackers] [slock] No need for usage() || FRIGN

From: Markus Teich <markus.teich_AT_stusta.mhn.de>
Date: Mon, 15 Feb 2016 11:15:50 +0100

Christoph Lohmann wrote:
> On Sun, 14 Feb 2016 10:46:52 +0100 git_AT_suckless.org wrote:
> > 1) if you are running off git, -v will show the last stable
> > release, effectively making this option useless.
> > people running stable versions leave open an attack surface
> > this way in case there are vulnerabilities found.
> > 99% of the people are also using package managers to keep
> > their software up to date, instead of running $TOOL -v to
> > check how old it is.
> > 2) -h is a sad excuse for not just looking at the manual page
> > (man 1 slock). Given we accept a post_lock_command, we can't
> > be as liberal and just intercept certain flags.
>
> This is suckless software, which should be useful even without a manpage or a
> package manager.

Heyho,

I have to agree with Christoph here. People running off git can just use the rev
id they are using. I don't get what you mean with the attack surface sentence.
I think we can ignore the possibility of someone wanting to call his custom `-h`
or `-v` binary when the screen is locked and revert the commit.

--Markus
Received on Mon Feb 15 2016 - 11:15:50 CET