Incomplete locking when run on Wayland #21
Comments
|
This sounds potentially worrying. Are you running on Wayland? Our guess is that this could happen when pyxtrlock is run on Wayland through XWayland. XWayland probably doesn’t give us enough control to securely lock the screen, so there’s likely nothing we can do to fix this. pyxtrlock would have to be reimplemented as pywtrlock, targeting Wayland platforms. We’ll update pyxtrlock to detect whether it’s running on Wayland and fail with an error message. |
|
Yes, we are using Wayland. It makes a lot of sense :) Is there any way of making it compatible with Wayland? Thanks |
|
Unfortunately not, sorry. For Wayland, a similar screen locker would have to be implemented from scratch. To avoid giving false security impressions, we’ve released pyxtrlock 0.4 with a patch that tries to detect non-X11 sessions and refuses to run if such a session is detected. |
|
Thanks. Happy to be of help ;)
I have seen you have submitted a CVE for this. Is this a real vulnerability
in Wayland or just a lack of compatibility?
On Wed, 6 Mar 2019 at 19:40, Leon Weber <notifications@github.com>
wrote:
… Unfortunately not, sorry. For wayland, a similar screen locker would have
to be implemented from scratch.
To avoid giving false security impressions, we’ve released pyxtrlock 0.4
with a patch that tries to detect non-X11 sessions and refuses to run if
such a session is detected.
|
|
It’s not a vulnerability in Wayland, pyxtrlock just is not designed to lock a Wayland session. Pyxtrlock is purely designed to lock X11 sessions. The CVE request is for pyxtrlock giving the false impression of securely locking the session, while input to non-X11 windows remains unlocked. |
Hi
I have installed pyxtrlock on a Fedora laptop, and, when executing it, the browser is displayed with the padlock and I can't do anything on it, great...
But if I hit any keyboard shortcut, or if I hit the activity bar with the mouse, I can still use the computer as normal. It looks like it only blocks the interaction of the keyboard with the browser.
Am I doing something wrong? Is there any config I need to apply?
Thanks
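An added example, not pyxtrlock's own code: a fail-closed check of the kind the maintainers describe in the thread (detect a non-X11 session and refuse to run). It assumes the session is identified from the environment variables `XDG_SESSION_TYPE`, `WAYLAND_DISPLAY` and `DISPLAY`; the function names and the sample environments are constructed for illustration.

```python
import os
import sys

X11, NON_X11, UNKNOWN = "x11", "non-x11", "unknown"

# Constructed sample environments (not captured from a real system).
SAMPLES = {
    "gnome-wayland": {"XDG_SESSION_TYPE": "wayland",
                      "WAYLAND_DISPLAY": "wayland-0", "DISPLAY": ":0"},
    "plain-x11": {"XDG_SESSION_TYPE": "x11", "DISPLAY": ":0"},
    "stale-type": {"XDG_SESSION_TYPE": "x11",
                   "WAYLAND_DISPLAY": "wayland-1", "DISPLAY": ":1"},
    "no-session-info": {"DISPLAY": ":0"},
}


def classify_session(env):
    """Classify a session from an environment mapping (heuristic only)."""
    session_type = env.get("XDG_SESSION_TYPE", "").strip().lower()
    # A Wayland socket name means a compositor owns input. DISPLAY being
    # set as well only indicates XWayland, where an X11 grab does not
    # cover native Wayland windows or the shell's own shortcuts.
    if env.get("WAYLAND_DISPLAY"):
        return NON_X11
    if session_type and session_type != "x11":
        return NON_X11
    if session_type == "x11" and env.get("DISPLAY"):
        return X11
    # Not enough evidence either way: callers must treat this as unsafe.
    return UNKNOWN


def may_lock(env):
    """Fail closed: only a positively identified X11 session may be locked."""
    return classify_session(env) == X11


def main():
    kind = classify_session(os.environ)
    if kind != X11:
        sys.stderr.write("refusing to lock: session is %s, not X11\n" % kind)
        return 1
    print("X11 session detected; an X11 grab-based locker can proceed")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Environment variables can be unset or stale, so this check will also refuse some genuine X11 setups; that trade-off favours not reporting a lock that does not hold.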