X-Debbugs-CC: pe...@riseup.net Pelle <pe...@riseup.net> writes:
>>I cannot answer for Pelle, but I was also experiencing this bug back >>when it was reported. FWIW: I'm unable to reproduce it with 1.6-1. That >>being said, triggering the bug does seem somewhat stochastic, so I can't >>rule out that a bunch more suspend/resume cycles would trigger it. But >>so far, so good! > > Same here, no crashes recently, yay, Great! > however, I think that this crash bug illustrates the more general > issue that the lock screen is bypassed on any crash. Swaylock should > be able to restart itself on failure, perhaps with a daemon. There > could be more vulnerabilities of this class, right? I believe > XScreensaver has a strategy for mitigating these types of vulns too. Indeed. I believe this is what Jonas was referring to when he linked to https://github.com/swaywm/sway/pull/6879 (it is about Sway supporting an extension to the Wayland protocol for performing this kind of locking reliably). This is of course the right way forward, but for now, I think we at least should downgrade the severity of this bug and let swaylock re-enter testing. Best, Gard
signature.asc
Description: PGP signature
