Bug 346806 – reevaluate screensaver ext

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 346806 - reevaluate screensaver ext


Summary:	reevaluate screensaver ext


Status:	RESOLVED WONTFIX

Product:	gnome-screensaver
Classification:	Deprecated
Component:	daemon
Version:	CVS HEAD
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gnome-screensaver maintainers
QA Contact:	gnome-screensaver maintainers

URL:
Whiteboard:

Duplicates:	416429 (view as bug list)
Depends on:
Blocks:

Reported:	2006-07-06 21:19 UTC by William Jon McCann
Modified:	2008-11-14 03:30 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description William Jon McCann 2006-07-06 21:19:07 UTC

I talked with Keith Packard at GUADEC.  He had some strong views on not using the screensaver extension.

We have basically inherited jwz's decisions on this.  Some of the reasons for them can be found here:
https://bugs.freedesktop.org/show_bug.cgi?id=1419
http://www.jwz.org/xscreensaver/man1.html

Keith's reasoning for using the extension:
1. Automatically breaks all keyboard and mouse grabs when mapping screensaver window
2. Screensaver ext window prevents any client from grabbing the server and mapping a window over it (ie. spoofing the unlock dialog)
3. Only one client can register for the events

I asked him about Jamie's concerns about problems when fading and he suggested setting the background to none/clear.  Not sure how this will work with Xinerama.

Breaking grabs automatically would be a big win.  I'm sceptical of the spoofing issue.  In part because there is no reason why malware would need to wait until the screen is locked before trying to spoof an authentication prompt.  It could do it before the screensaver extension has indicated idleness.  The real solution for this is to eliminate password prompts.

TODO:
* detail and analyze jwz's objections
* write some test cases

Comment 1 William Jon McCann 2006-07-11 18:56:05 UTC

I used beforelight as a test case and added some keyboard grabbing code.  It doesn't seem to break keyboard grabs as Keith suggested.  I read through the xorg ext saver code and couldn't see where it was doing anything with grabs.

Without breaking grabs I don't think the ext is very interesting to us.  Obscuring the window XID by not including it in the window tree is not interesting.  And I still don't think preventing server grabs is much of a win either since malware can prompt before screensaver activation, kill the X client, or kill the screensaver process.

Also note that xscreensaver does not break keyboard grabs on activation.

I still think that management of policy (both screensaver and DPMS) should be done outside the X server.

Ray, if you are watching, do you have any insight into what Keith may have been referring to with the grab breaking?

Comment 2 Ray Strode [halfline] 2006-09-05 14:55:53 UTC

Nope.

Comment 3 William Jon McCann 2006-09-05 15:04:45 UTC

Also related to bug 353437.

Comment 4 William Jon McCann 2007-04-23 15:15:09 UTC

*** Bug 416429 has been marked as a duplicate of this bug. ***

Comment 5 Ray Strode [halfline] 2007-07-25 03:02:49 UTC

For those wanting to follow along, there was some discussion and ideas about using the screensaver extension in this thread:

http://mail.gnome.org/archives/screensaver-list/2007-July/msg00007.html

Comment 6 William Jon McCann 2008-11-14 03:30:13 UTC

Using the IDLETIME xsync counter now (finally).