Red Hat Bugzilla – Bug 139513
Xscreensaver shows explicit sexual content
Last modified: 2007-11-30 17:10:54 EST
Description of problem:
I'm using the default setup with kde which is using a random
screensaver. Much to my dissatisfaction I left my computer idle for an
hour or so and when I returned, my monitor was filled with hardcore
porn. The screensaver in question is called webcollage.
Version-Release number of selected component (if applicable):
I used the following command to see which URLs the screensaver was
/usr/X11R6/lib/xscreensaver/webcollage -urls-only -verbose
Steps to Reproduce:
1. /usr/X11R6/lib/xscreensaver/webcollage -urls-only -verbose
A desktop full of porn
A desktop NOT FILLED WITH PORN!
This was fixed for RHEL 3, but I somehow missed doing it for FC3.
I'll get this taken care of.
*** Bug 139777 has been marked as a duplicate of this bug. ***
webcollage has been turned off by default in the official xscreensaver
distribution since version 4.03 (11-may-2002.)
(Please do not fix this by deleting webcollage: simply update the
XScreenSaver app-defaults file you ship to disable it by default, so
that people who *do* want to enable it still have the ability to do so.)
Jamie, there's no way except to delete webcollage (and any other screensaver
that may be offensive) to prevent it from popping up for *KDE* users in random
mode. The KDE control center offers no means for taking screensavers out of
random circulation - it's everything or er, everything I guess.
Perhaps KDE should default the screensaver to a blank screen like GNOME does to
at least stop this sort of thing happening "out of the box".
> The KDE control center offers no means for taking screensavers out of
> random circulation - it's everything or er, everything I guess.
That sounds like a pretty stupid bug in KDE, then.
They should fix that.
My policy on KDE and xscreensaver:
*** Bug 149803 has been marked as a duplicate of this bug. ***
Is this at least fixed in FC4?
Yes, this will be fixed for FC4.
I propose totally deleting webcollage for all future distributions until KDE
fixes this. It is unacceptable to have this screensaver possible to seen by
default on our desktop. webcollage is also of zero value unless you happen to
*LIKE* seeing random porn.
I still think it would be wise to default the screensavers to a blank
screen/something fixed rather than random (although I bet eventually that will
outrage someone too). Sooner or later someone will find something offensive in
another randomly on screensaver and we go round again...
(Apologies for mispelling your name earlier Warren)
Also reported on the Debain bugzilla:
I agree with Warren Tomagi and others that Web Collage should be removed from
the Fedora and RedHat package in future distributions. The program is offensive
and can cause potential security problem. I have seen enough.
*** Bug 140684 has been marked as a duplicate of this bug. ***
There is an option to WebCollage to pull images from LiveJournal instead of the
entire web, why not set it up to behave that way by default?
LiveJournal has porn just like the rest of the web. You can see for yourself at:
All kinds of wild stuff shows up there. Just about the ONLY safe source of
images would be some news source like CNN.
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.
Closing per lack of response to previous request for information.
This bug was originally filed against a much earlier version of Fedora
Core, and significant changes have taken place since the last version
for which this bug is confirmed.
Note that FC3 and FC4 are supported by Fedora Legacy for security
fixes only. Please install a still supported version and retest. If
it still occurs on FC5 or FC6, please reopen and assign to the correct
version. Otherwise, if this a security issue, please change the
product to Fedora Legacy. Thanks, and we are sorry that we did not
get to this bug earlier.