xscreensaver does not grab the keyboard immediately and in all cases. It also does not blank the screen immediately after an unsuspend. This means that a) you might post your password in a chat if you had it focused before the screen locked, b) anyone can see your screen if they just open your machine.
Authentication and screen saving run in separate processes, so that a crash of these processes will not unlock the screen. The main process is kept minimal for easy auditing. The main process regularly refreshes the screen grabs (just in case). The main process regularly brings its window to the front, to avoid leaking notifications. The main process resizes its window to the size of the root window, to avoid leaking information when a secondary display is attached. The main process uses only a single buffer, which holds a single keystroke. Therefore it is impossible to exploit a buffer overrun in the main process by e.g. an overlong password entry. The only exit condition of the program is the Authentication Module returning with exit status zero, on which xsecurelock itself will return with status zero; therefore especially paranoid users might want to run it as sh -c "xsecurelock ... || kill -9 -1" :)
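The exit rule described above, sketched in C as an added example (not xsecurelock's own code): a parent process treats only a normal exit with status zero from a separate authentication helper as an unlock, so a crashed or rejecting helper leaves the screen locked. The helper outcomes and all function names are hypothetical stand-ins.

```c
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical outcomes of one run of the authentication helper. */
enum helper_outcome { HELPER_ACCEPT, HELPER_REJECT, HELPER_CRASH };

/* Child side: stands in for the separate authentication process. */
static void run_helper(enum helper_outcome outcome) {
    switch (outcome) {
    case HELPER_ACCEPT: _exit(0);        /* credentials accepted */
    case HELPER_REJECT: _exit(1);        /* credentials rejected */
    case HELPER_CRASH:  raise(SIGKILL);  /* simulated crash: death by signal */
    }
    _exit(2);
}

/* Parent side: returns 1 (unlock) only if the helper exited normally with
 * status zero. fork/wait failure, a nonzero status and death by signal all
 * keep the lock. WIFEXITED must be checked first: WEXITSTATUS is only
 * meaningful for a normal exit, and on its own it can read as 0 for a
 * helper that was killed by a signal. */
int helper_grants_unlock(enum helper_outcome outcome) {
    pid_t pid = fork();
    if (pid < 0) return 0;               /* could not start helper: stay locked */
    if (pid == 0) run_helper(outcome);   /* child never returns */
    int status = 0;
    pid_t r;
    do { r = waitpid(pid, &status, 0); } while (r < 0 && errno == EINTR);
    if (r != pid) return 0;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Lock loop: start a fresh helper per attempt until one grants the unlock.
 * Returns the 1-based attempt that unlocked, or -1 if still locked. */
int attempts_until_unlock(const enum helper_outcome *seq, int n) {
    for (int i = 0; i < n; i++)
        if (helper_grants_unlock(seq[i])) return i + 1;
    return -1;
}

int main(void) {
    /* Constructed sequence: a crash, a wrong password, then success. */
    enum helper_outcome seq[] = { HELPER_CRASH, HELPER_REJECT, HELPER_ACCEPT };
    return attempts_until_unlock(seq, 3) == 3 ? 0 : 1;
}
```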