XScreenSaver explained

XScreenSaver
Author:Jamie Zawinski
Developer:Jamie Zawinski
Latest Release Version:6.08
Latest Release Date:[1]
Operating System:Unix, macOS, iOS, Android
Programming Language:ANSI C, X11, OpenGL
Genre:Screensaver
License:MIT License[2]

XScreenSaver is a free and open-source collection of 240+[3] screensavers for Unix, macOS, iOS and Android operating systems. It was created by Jamie Zawinski in 1992 and is still maintained by him, with new releases coming out several times a year.[4]

Platforms

The free software and open-source Unix-like operating systems running the X Window System (such as Linux and FreeBSD) use XScreenSaver almost exclusively. On those systems, there are several packages: one for the screen-saving and locking framework, and two or more for the display modes, divided somewhat arbitrarily.[5]

On Macintosh systems, XScreenSaver works with the built-in macOS screen saver.

On iOS systems, XScreenSaver is a stand-alone app that can run any of the hacks full-screen.

On Android systems, the XScreenSaver display modes work either as normal screen savers (which Android sometimes refers to as "Daydreams") or as live wallpapers.

There is no official version for Microsoft Windows, and the developer discourages anyone from porting it. The author considers Microsoft to be "a company with vicious, predatory, anti-competitive business practices"[6] and says that, as one of the original authors of Netscape Navigator, he holds a "personal grudge" against Microsoft because of its behavior during the First Browser War.

Software Architecture

The XScreenSaver daemon is responsible for detecting idle-ness, blanking and locking the screen, and launching the display modes. The display modes (termed "hacks" from the historical usage "display hack") are each stand-alone programs.

This is an important security feature, in that the display modes are sandboxed into a separate process from the screen locking framework. This means that a programming error in one of the graphical display modes cannot compromise the screen locker itself (e.g., a crash in a display mode will not unlock the screen).

It also means that a third-party screen saver can be written in any language or with any graphics library, so long as it is capable of rendering onto an externally provided window.

For historical and portability reasons, the included hacks are all written in ANSI C. About half of them use the X11 API, and about half use the OpenGL 1.3 API.

Rather than forking the code-base and re-writing the hacks to target different platforms, XScreenSaver contains a number of compatibility layers.

Security

In addition to sandboxing the display modes, the XScreenSaver daemon links with as few libraries as possible. In particular, it does not link against GUI frameworks like GTK or KDE, but uses only raw Xlib for rendering the unlock dialog box.

In recent years, some Linux distributions have begun using the gnome-screensaver or kscreensaver screen-blanking frameworks by default instead of the framework included with XScreenSaver.[9] In 2011, gnome-screensaver was forked as both mate-screensaver and cinnamon-screensaver. Earlier versions of these frameworks still depended upon the XScreenSaver collection of screen savers, which is over 90% of the package.[10] However, in 2011, gnome-screensaver version 3 dropped support for screensavers completely, supporting only simple screen blanking,[11] and as of 2018, Linux Mint's cinnamon-screensaver 4.0.8 no longer supports the XScreenSaver hacks.[12]

Those Linux distributions that have replaced XScreenSaver with other screen-locking frameworks have suffered notable security problems. Those other frameworks have a history of security bugs that allow the screen to be un-locked without a password, e.g., by simply holding a key down until the locker crashes.[13] [14] [15] [16] [17] [18] [19]

In 2004, Zawinski had written about the architectural decisions made in XScreenSaver with the goal of avoiding this very class of bug,[20] leading him to quip in 2015, "If you are not running XScreenSaver on Linux, then it is safe to assume that your screen does not lock."[21]

Display Modes

The included hacks are highly varied, ranging from simple 2D psychedelia, to 3D demonstrations of complex mathematical principles, to simulations of other computer systems, to re-creations of artifacts and effects from movies.

Though many of the newer hacks take full advantage of the power of modern computers, the age of the project means that some of the older hacks may look dated to modern eyes, as they were originally written for much less powerful computers.

Examples of hacks include:

Some of the included hacks are very similar to demo effects created by the demoscene:

See also

XScreenSaver was featured in Sleep Mode: The Art of the Screensaver,[22] a gallery exhibition curated by Rafaƫl Rozendaal at Rotterdam's Het Nieuwe Instituut in 2017.

Notes and References

  1. Web site: Changelog . 4 March 2024 .
  2. Web site: Debian XScreenSaver copyright list . 24 December 2020 . 24 December 2020 .
  3. Web site: List of screen savers included in the XScreenSaver collection . 8 December 2020 . 24 December 2020.
  4. Web site: XScreenSaver release history . 8 December 2020 . 24 December 2020.
  5. Web site: Debian XScreenSaver package list . 24 December 2020 . 24 December 2020.
  6. Web site: XScreenSaver: Windows Version . www.jwz.org . 24 December 2020.
  7. Web site: jwz.org blog post about the iOS port . 19 June 2012 . 24 December 2020.
  8. Web site: jwz.org blog post about the Android port . 23 May 2016 . 24 December 2020.
  9. Web site: XScreenSaver FAQ regarding KDE/Gnome . 24 December 2020.
  10. Web site: XScreenSaver source code distribution . 8 December 2020 . 24 December 2020.
  11. Re: What is the status of the screensaver in GNOME3?. Giovanni. Campagna. 21 March 2011. gnome-shell.
  12. Web site: Linux Mint 19.1 Announcement . 20 December 2018 . 24 December 2020.
  13. Web site: Gnome-Screensaver Key Flood . 16 April 2014 . 24 December 2020.
  14. Web site: Cinnamon-Screensaver Key Flood . . 22 August 2014 . 24 December 2020.
  15. Web site: CVE-2014-1949, Cinnamon-Screensaver Lock Bypass . 16 January 2015 . 24 December 2020.
  16. Web site: Mandriva Security Advisory MDVSA-2015:162 . 29 March 2015 . 24 December 2020.
  17. Web site: CVE-2015-7496, Hold ESC to unlock Gnome-session GDM . 24 November 2015 . 18 January 2021.
  18. Web site: CVE-2019-3010, Privilege Escalation in Oracle Solaris XScreenSaver fork . 23 October 2019 . 24 December 2020.
  19. Web site: Cinnamon-screensaver lock by-pass via the virtual keyboard . . 15 January 2021 . 15 January 2021.
  20. Web site: XScreenSaver: On Toolkit Dialogs . 19 October 2004 . 24 December 2020.
  21. Web site: jwz.org blog post about Gnome security bugs . 4 April 2015 . 24 December 2020.
  22. Web site: Sleep Mode: The Art of the Screensaver: Jamie Zawinski Interview . 27 January 2017 . 24 December 2020 .