config.mk: be more explicative about FLAGS
Group each *FLAG with its description and add a NetBSD specific.
Ensure Polyphemus-Mitigation and properly drop privileges
Don't hide privilege drops inside readpw() and actually make it
configurable what you are dropping to in config.h.
The privilege drop comes after opening the Display because the
user "nobody" with "nogroup" can't do that.
So why do I call this strategy the Polyphemus-Mitigation?
After the giant returns in the evening and eats two more of the men,
Odysseus offers Polyphemus some strong and undiluted wine given to him
earlier on his journey. Drunk and unwary, the giant asks Odysseus his
name, promising him a guest-gift if he answers. Odysseus tells him
"Οὖτις", which means "nobody" and Polyphemus promises to eat this
"Nobody" last of all. With that, he falls into a drunken sleep. Odysseus
had meanwhile hardened a wooden stake in the fire and now drives it into
Polyphemus' eye. When Polyphemus shouts for help from his fellow giants,
saying that "Nobody" has hurt him, they think Polyphemus is being
afflicted by divine power and recommend prayer as the answer.
Unify how we check passwords between different OSes
clear passwords with explicit_bzero
Make sure to explicitly clear memory that is used for password input. memset
is often optimized out by the compiler.
Brought to attention by the OpenBSD community, see:
Thread subject: x11/slock: clear passwords with explicit_bzero
- explicit_bzero.c import from libressl-portable.
- Makefile: add COMPATSRC for compatibility src.
- config.mk: add separate *BSD section in config.mk to simply uncomment it on
resize lockscreen window after Xrandr resize
applied sin's patch and prepared new release
applied Robert Schneider's Linux suggestions, also bumped version and updated LICENSE file's copyright notice
applied Eckehard Bern's dualcolor patch to slock
applied Ali Gholami Rudi's patch regarding DPMS timeout customization and persistence
fixed DPMS crashing issue
applied two patches, BSD_AUTH patch and Gottox' DPMS support patch
updating copyright stuff in slock as well
grab on the root window, it is correct, all lockers do that