search

mate-desktop / mate-screensaver

MATE screen saver and locker
https://mate-desktop.org
GNU General Public License v2.0
48 stars 40 forks source link

Feature request: arbitrary command execution #154

Open pixelherodev opened 6 years ago

pixelherodev commented 6 years ago

I'd like to request the ability to run any program as the screensaver. This would be useful for e.g. projectM-pulseaudio, or a custom screensaver program.

lukefromdc commented 6 years ago

That might be a security risk, as a malware installer or malicious user on a multiuser system could potentially exploit it to allow unlocking a locked session of another user.

pixelherodev commented 6 years ago

What if it's run in a sandbox? Could use e.g. firejail to prevent that from happening.

From: lukefromdc notifications@github.com Sent: Sunday, April 29, 2018 6:52:36 PM To: mate-desktop/mate-screensaver Cc: pixelherodev; Author Subject: Re: [mate-desktop/mate-screensaver] Feature request: arbitrary command execution (#154)

That might be a security risk, as a malware installer or malicious user on a multiuser system could potentially exploit it to allow unlocking a locked session of another user.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/mate-desktop/mate-screensaver/issues/154#issuecomment-385272779, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AJ3Qs5ivq4yZm2FG44ltcqy4bR7Zo6WKks5ttgv0gaJpZM4Tru36.

lukefromdc commented 6 years ago

I know little about sandboxing and exploits to jump out of sandboxes so not qualified to pass judgement on that.

Magissia commented 6 years ago

Can't you create an actual screensaver for mate-screensaver instead ?

pixelherodev commented 6 years ago

If I had any experience with GTK, probably.