1 files changed, 9 insertions, 5 deletions

diff --git a/desktop/i3lock/i3lock.SlackBuild b/desktop/i3lock/i3lock.SlackBuild
index 5fa35477e6..9993dee116 100644
--- a/desktop/i3lock/i3lock.SlackBuild
+++ b/desktop/i3lock/i3lock.SlackBuild
@@ -23,7 +23,7 @@
 #  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 PRGNAM=i3lock
-VERSION=${VERSION:-2.9.1}
+VERSION=${VERSION:-2.10}
 BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}
 
@@ -71,15 +71,19 @@ find -L . \
 
 # This patch removes all the PAM-related code,
 #   and checks the password against shadow instead.
-patch -p0 -i $CWD/i3lock-2.9.1-no-pam.patch
+patch -p0 -i $CWD/i3lock-2.10-no-pam.patch
 
 make install DESTDIR=$PKG
 
 # i3lock needs setuid to make sure it isn't killed by the kernel and to read shadow.
 # Don't worry, the privileges are dropped really soon after starting
-#   and everything else runs as your user.
-chown root:shadow $PKG/usr/bin/i3lock
-chmod 4755 $PKG/usr/bin/i3lock
+#   and everything else runs without privileges.
+chown 0.0 $PKG/usr/bin/i3lock
+chmod 4751 $PKG/usr/bin/i3lock
+# We need setuid to set the out of memory score, and drop permissions once done.
+# This makes the program's init slightly more insecure, since we'd only need
+# setgid to change the group to shadow to read the password, otherwise.
+# In fact, both Slackware's xlock and xscreensaver use (root.shadow 2751) as permissions.
 
 find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
   | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true