For many years now, I have used a very simple screen locker called xtrlock in order to stop others from accessing my systems whilst I’m away from my desk. Some time ago, I switched from using Gentoo on my Samsung NC10 netbook to using Arch. Though I prefer Gentoo, it just didn’t make much sense to compile everything on that poor Atom N270 processor (think Chromium or LibreOffice). Anyway, Arch does not have xtrlock in their repositories, likely because it has been abandoned upstream since 2010 (although the Debian homepage for the package shows an update to version 2.2 as of June 2012). So, I needed to find an alternative package for locking my screen.
Seeing as I am a minimalist, I wanted something incredibly lightweight without a bunch of features that I will never use or dependencies linked to the libraries of some particular desktop environment. Through some quick searching, I found slock, which is arguably even lighter and more featureless than xtrlock. Xtrlock displays a little blue lock icon in front of the active desktop, only allowing for cursor movement until one enters the password of the user who invoked it. Slock, on the other hand, doesn’t even show the desktop or an icon. Instead, it shows a black screen. Similar to xtrlock, slock requires one to enter the password of the user that started the application in order to see the desktop again. So, both applications are very similar in nature and execution.
Both applications also have a similar “flaw,” which likely won’t have much of an impact, but is worth mentioning. When the screen is locked using either application, one can switch to a different virtual terminal (by using the CTRL-ALT-F# combination for the desired virtual terminal) without entering the password of the user that started the locking application. Now, that user can log in to the system, but cannot kill xtrlock or slock unless they can become root. However, it does pose a bit of a security concern in some use cases that don’t really apply to my situation. If you can think of some other possibilities, feel free to leave a comment here, and I’ll further investigate.
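The X server can be told to ignore the CTRL-ALT-F# sequence through the DontVTSwitch option in a ServerFlags section of its configuration. The script below is an added example, not part of the original post or of either locker: it checks config files for that option, and the function name and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether Xorg configuration disables the CTRL-ALT-F#
# key sequence that stays reachable while xtrlock or slock holds the screen.

# vt_switch_disabled FILE...   (hypothetical helper name)
# Exit 0 if a ServerFlags section in the given files enables DontVTSwitch.
vt_switch_disabled() {
    awk '
        { sub(/#.*/, "") }                                  # strip comments
        tolower($0) ~ /^[ \t]*section[ \t]+"serverflags"/ { in_flags = 1; next }
        tolower($0) ~ /^[ \t]*endsection/                 { in_flags = 0; next }
        in_flags && tolower($0) ~ /option[ \t]+"dontvtswitch"/ {
            val = "true"          # xorg.conf(5): a bare boolean option means true
            if (split($0, q, "\"") >= 4) val = tolower(q[4])
            found = (val ~ /^(1|on|true|yes)$/)
        }
        END { exit !found }
    ' "$@"
}

# Constructed sample configs: one leaves VT switching on, one turns it off.
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak.conf" <<'EOF'
Section "ServerFlags"
    # Option "DontVTSwitch" "true"
EndSection
EOF
cat > "$demo_dir/hardened.conf" <<'EOF'
Section "ServerFlags"
    Option "DontVTSwitch" "true"
EndSection
EOF

for f in "$demo_dir"/weak.conf "$demo_dir"/hardened.conf; do
    if vt_switch_disabled "$f"; then
        echo "$f: CTRL-ALT-F# switching disabled"
    else
        echo "$f: CTRL-ALT-F# switching still possible from a locked screen"
    fi
done
```

On a real system, pass the function the files the X server actually reads, typically /etc/X11/xorg.conf and the snippets under /etc/X11/xorg.conf.d/. The option only stops the key sequence inside the X server; it does not change who can log in on a console that is already in the foreground.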
So, which application is better? Seeing as they both accomplish the same task, they are both lightweight and unobtrusive, and they are both available via Portage, it would seem to be a stalemate. However, the two each have one exclusive plus, respectively. Xtrlock still shows the display. That means that if you are in an environment where you need to have an application (like watch -n 1 'netstat -tupan') running even whilst you are not directly in front of your computer, it will still run and you can still see it. That may also be an unlikely use case though. Slock, by only showing a black screen and not indicating any type of other activity, may be an added layer of security through obscurity. In either case, both applications are relatively similar.
EDIT: Be sure to view the update to this post for more information about a security problem with startx and screen lockers.