[Secure-testing-team] Bug#692737: suckless-tools: newer slock versions prevents unwanted exposure of passwords
Nico Golde
nion at debian.org
Thu Nov 8 12:16:01 UTC 2012
Package: suckless-tools
Version: 38-2
Severity: grave
Justification: user security hole
Hey,
this package has not updated any of the included tools for two years.
Please package newer tools, especially, and most importantly, slock.
The current version of slock has no indication whatsoever that a screen lock is active.
After a longer idle period of the display, it is therefore impossible to distinguish between a locked
screen and an inactive screen. As a result, it is not too difficult to write your password somewhere
you don't want to because you assumed the screen was locked.
Hence I marked this as grave; this happened to me multiple times.
Newer slock versions have a color indication once you hit the first key on the keyboard that shows
you that the lock is active.
Kind regards
Nico