Bug#311683: xscreensaver: web collage screensaver makes debian "default install" of kde show porn
Le vendredi 03 juin 2005 à 13:02 +0200, R. Armiento a écrit :
> And by 'disabled' I suppose you mean that the default setting of xscreensaver
> randomizer does not pick WebCollage.
Also, the netpbm package, required by webcollage, is only recommended by
xscreensaver.
> Also, a user playing around in the xscreensaver/'Gnome screensaver config' will
> trigger the preview of WebCollage before it is possible to read the explicit
> warnings in the settings dialog. The possibility of unintentional triggering
> of sexually explicit content in the preview box on the screen while configuring
> screensavers is still bad. This issue may not be as grave as "porn by default
> in kde", but people working for a company that supervise network usage could
> still potentially get fired for the actions of the WebCollage preview.
Maybe adding a warning in the hack list would be enough.
> > Actually this shouldn't be a problem, as a hack crashing doesn't make
> > the server crash.
>
> This argument assumes that the worst thing that can happen is the screensaver
> process crashing. However, an image constructed with malicious intent could let
> an attacker take over the WebCollage process, and ultimately give full access
> to the users account.
Indeed, but with a correctly up-to-date computer that's not an issue.
Another reason for not adding it to the default configuration, but not
to remove it entirely.
--
.''`. Josselin Mouette /\./\
: :' : josselin.mouette@ens-lyon.org
`. `' joss@debian.org
`- Debian GNU/Linux -- The power of freedom
Reply to: