i3 / i3lock

improved screen locker
https://i3wm.org/i3lock
BSD 3-Clause "New" or "Revised" License

Exclude windows from i3lock #195

Closed RcColes closed 6 years ago

RcColes commented 6 years ago

As per #190 I'll open an issue to discuss whether this feature is considered at all useful for i3lock, instead of a PR.

I've already implemented it at https://github.com/rccoles/i3lock for personal use. I acknowledge it has limited usefulness, but thought I should at least show it off here in case somebody thinks the feature could be handy in i3lock in some form.

This adds a -x flag, which accepts a space-delimited string of patterns to substring match against X window classes. Any matching windows are then moved above the i3lock window, meaning they display normally.

Possible use cases for this are:

For example, i3lock -u -i /tmp/.i3lock.png -x "polybar tray"

Excludes both polybar and stalonetray from the lock screen, allowing them to display on top.

Airblader commented 6 years ago

Hi,

thanks for filing an issue. We categorically do not want to allow such things because they are foot guns. i3lock is a lockscreen centered around simplicity. This is conceptually the same as #52. Thanks for understanding!

Airblader commented 6 years ago

BTW, just to outline two scenarios:

  1. If an attacker gets access to your system for a short time, they can whitelist a malicious application to gain access for a longer period of time later on.
  2. Anyone can create an application pretending to be polybar without being it.

kpcyrd commented 6 years ago

The simplicity part is certainly the stronger argument, but for completeness' sake:

  1. If an attacker gets access to your system for a short time, they can whitelist a malicious application to gain access for a longer period of time later on.

If you have enough time to whitelist malicious applications you could just backdoor the computer itself, either by replacing i3lock or by installing a backdoor that grants you remote access.

  2. Anyone can create an application pretending to be polybar without being it.

Assuming you don't mean a legitimate fork of polybar that has been installed by the user, a malicious binary pretending to be polybar would need to run as a user that has access to the X socket, in which case the binary is most likely able to just kill the i3lock process.
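
An added example (not code from i3lock or from the fork linked in the issue) of the matching that the -x description implies and of the second scenario raised above: a substring match on the window class accepts any client that sets a matching class string. The function names, the case-sensitive match and the sample class strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data. WM_CLASS is a property each client sets on its
 * own window; the X server does not tie it to the binary that owns it. */
static const char *sample_classes[] = {
    "polybar",         /* the bar the user meant to exclude */
    "stalonetray",     /* the tray the user meant to exclude */
    "firefox",         /* unrelated, should stay hidden */
    "not-polybar",     /* some other client that chose this class string */
    "systray-helper",  /* unrelated client whose class contains "tray" */
};
#define N_SAMPLES (sizeof(sample_classes) / sizeof(sample_classes[0]))

/* Hypothetical matcher: returns 1 if wm_class contains any of the
 * space-delimited patterns, 0 otherwise. Case-sensitive (assumption). */
int is_excluded(const char *patterns, const char *wm_class)
{
    char buf[256];
    strncpy(buf, patterns, sizeof(buf) - 1);
    buf[sizeof(buf) - 1] = '\0';
    /* strtok skips empty tokens, so "" or "  " never matches everything */
    for (char *p = strtok(buf, " "); p != NULL; p = strtok(NULL, " ")) {
        if (strstr(wm_class, p) != NULL)
            return 1;
    }
    return 0;
}

/* Number of sample windows that would be raised above the lock window. */
int count_excluded(const char *patterns)
{
    int n = 0;
    for (size_t i = 0; i < N_SAMPLES; i++)
        n += is_excluded(patterns, sample_classes[i]);
    return n;
}

int main(void)
{
    const char *patterns = "polybar tray"; /* the -x value from the issue */
    for (size_t i = 0; i < N_SAMPLES; i++)
        printf("%-15s %s\n", sample_classes[i],
               is_excluded(patterns, sample_classes[i]) ? "shown over lock" : "hidden");
    printf("%d of %zu windows excluded\n", count_excluded(patterns), N_SAMPLES);
    return 0;
}
```

Two patterns meant for two programs exclude four of the five sample windows, because the class string is a label the client picks rather than proof of which program drew the window.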