oss-sec mailing list archives
Re: Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock
From: "Mike O'Connor" <mjo () dojo mi org>
Date: Sun, 6 Jun 2021 07:52:22 -0400
:On Sat, Jun 05, 2021 at 02:55:10AM +0200, Marek Marczykowski-Górecki wrote: :> The issue affects only XScreenSaver version 5.45. Versions 5.44 and :> older, as well as 6.00, are not affected. The XScreenSaver author was :> notified about this issue and decided not to publish an advisory, as the :> issue does not affect the most recent version. :> :> The Qubes Security Team has decided to address this issue in Qubes OS by :> patching this specific bug rather than immediately upgrading to the 6.00 :> version. : :And here is the patch applied in Qubes OS: :https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch Having said that, one of the big changes in XScreenSaver 6.00 involves security improvements for this situation, so it's worth noting here: https://www.jwz.org/blog/2021/04/xscreensaver-6-00-out-now/ I have significantly refactored the XScreenSaver daemon, the component of the XScreenSaver suite that provides screen locking on X11 systems. These changes greatly reduce the amount of code running in the "critical" section: the part of the code where a crash would cause the screen to unlock. That critical section is now only around 1,800 lines of code, a reduction of roughly 87%. etc. -- Michael J. O'Connor mjo () dojo mi org =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--= "I never look back, darling. It distracts me from the now." -Edna Mode
Current thread:
- XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Marek Marczykowski-Górecki (Jun 05)
- Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Marek Marczykowski-Górecki (Jun 05)
- Re: Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Mike O'Connor (Jun 06)
- Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Gianluca Gabrielli (Jun 10)
- Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Marek Marczykowski-Górecki (Jun 10)
- Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Gianluca Gabrielli (Jun 11)
- Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Marek Marczykowski-Górecki (Jun 10)
- Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Marek Marczykowski-Górecki (Jun 05)