(In reply to Landry Breuil from comment #1) > I think the original idea of setting PATH to a limited 'trusted' list of > subdirs was to avoid potential attackers/malwares to drop malicious > replacements for xlock/etc in user-writable directories potentially in the > user's PATH...
Now that there is the xfconf option, is that somehow protected from potential attackers/malwares? If not, playing with the PATH does not help much. Besides it also matters how xflock4 is called. For example I have used a custom xflock4 in /usr/local/bin which directory is checked before /usr/bin in Ubuntu Linux (due to PATH). It might be better not to touch PATH at all to avoid creating false feeling of security. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1766765 Title: xflock4 fails if light-locker installed in /usr/local/bin To manage notifications about this bug go to: https://bugs.launchpad.net/xfce4-session/+bug/1766765/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
