Re: [hackers] [slock] No need for usage() || FRIGN

From: FRIGN <dev_AT_frign.de>
Date: Mon, 15 Feb 2016 11:35:11 +0100

On Mon, 15 Feb 2016 11:15:50 +0100
Markus Teich <markus.teich_AT_stusta.mhn.de> wrote:

Hey Markus,

> I have to agree with Christoph here. People running off git can just use the rev
> id they are using. I don't get what you mean with the attack surface sentence.

it was a rather weak argument by me, but still a possibility. Say somebody is running
an older version of slock, an "attacker" could probe it out.
However, after further consideration, this could also be done by examining the
behaviour of the problem while locked to identify an older version. Nevermind then.

> I think we can ignore the possibility of someone wanting to call his custom `-h`
> or `-v` binary when the screen is locked and revert the commit.

My considerations here were that it was quite arbitrary not to document -h, given
we "allow" a command to be passed to slock as second + further arguments.
However, I respect your stances on this and will revert it, but also document -h
in the manpage.

Cheers

FRIGN

-- 
FRIGN <dev_AT_frign.de>
Received on Mon Feb 15 2016 - 11:35:11 CET

This archive was generated by hypermail 2.3.0 : Mon Feb 15 2016 - 11:36:22 CET