Nico Golde wrote: > Hi Benjamin, > * Benjamin Seidenberg <[EMAIL PROTECTED]> [2007-11-12 12:13]: >> Package: xscreensaver >> Version: 5.03-3 >> Severity: serious >> Tags: security >> Justification: Security Hole - Unintended information disclosure >> >> When xcompmgr is running, the fireworxx hack will display over the live >> screen >> (including any changes post screen-lock). This does not occur when >> xcompmgr is not running. > > I am not really sure if this is a security issue. From my > point of view it is not the work of a screensaver to hide > content but to "save" the screen or to lock it. > Kind regards > Nico
I disagree - I think many people will use the screensaver's lock to prevent other people from reading their screen if they step away. Example: I'm discussing something with my boss over instant message/irc/whatever. I lock my screen and go to the restroom. While I'm away, my boss replies with some sensitive information. I have a reasonable expectation that because my screensaver is locked, no one can read this information except me, when I unlock it. However, while I was in the restroom, the screensaver cycled to fireworxx and the message is available for anyone passing by to read.
signature.asc
Description: OpenPGP digital signature