← Back to team overview

compiz team mailing list archive

[Bug 761129] [NEW] unauthorized access to desktop before appearance of screen unlock form

 

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug:

Binary package hint: gnome-screensaver

I can interact with gnome desktop environment for a few seconds before
unlock screen  appears.

Steps to reproduce:
1. Open launch menu and select any item without launching it.
2. Leave computer for a while.
3. When screen goes black (using blank screen screensaver) move a mouse.
4. For a few seconds you get access to desktop like it is unlocked.
5. Screen goes black and you need to enter password to unlock PC

Without step 1 anything is fine. Tested my netbook under 100%CPU load.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: gnome-screensaver 2.30.2-0ubuntu2
ProcVersionSignature: Ubuntu 2.6.38-8.42-generic 2.6.38.2
Uname: Linux 2.6.38-8-generic i686
Architecture: i386
Date: Fri Apr 15 00:28:38 2011
GconfGnomeSession:
 idle_delay = 5
  /desktop/gnome/session/required_components:
   windowmanager = gnome-wm
GnomeSessionIdleInhibited: No
GnomeSessionInhibitors: None
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha i386 (20110321)
ProcEnviron:
 LANGUAGE=ru_RU:en
 LANG=ru_RU.UTF-8
 SHELL=/bin/bash
SourcePackage: gnome-screensaver
UpgradeStatus: No upgrade log present (probably fresh install)
WindowManager: gnome-wm

** Affects: compiz (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-bug i386 natty
-- 
unauthorized access to desktop before appearance of screen unlock form 
https://bugs.edge.launchpad.net/bugs/761129
You received this bug notification because you are a member of compiz packagers, which is subscribed to compiz in Ubuntu.