← Back to team overview

desktop-packages team mailing list archive

[Bug 1280300] Re: Desktop contents displayed on resume, before lock screen is shown

 

Still seeing this bug in Ubuntu 15.10 64-bit with Unity 3D, and have
seen it in every Ubuntu version going back to at least 2011, across
several different laptops from different manufacturers (Chromebook,
Thinkpad, and Dell something-or-other).  It happens reliably every time
I resume from suspend - doesn't matter if I suspended through the menu
or by closing the lid.

How is this not considered a major security bug?  If someone steals my
laptop they can see anything I was doing before suspending.  Information
leakage like this should be treated as high priority.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-screensaver in Ubuntu.
https://bugs.launchpad.net/bugs/1280300

Title:
  Desktop contents displayed on resume, before lock screen is shown

Status in gnome-screensaver package in Ubuntu:
  Confirmed

Bug description:
  I am running 14.04. When I resume from sleep, the contents of my
  desktop (including any open windows, emails, etc) are displayed
  onscreen briefly before the unlock screen is shown. This potentially
  allows an attacker to view the contents of a locked screen.

  To reproduce:
  1) Suspend a machine, e.g. by closing the lid
  2) Resume the machine

  Expected results:
  Upon resume, the first thing shown onscreen is the screensaver unlock screen.

  Actual results:
  Upon resume, the first thing shown onscreen is the set of open windows that were displayed before the machine was put to sleep. After a second or two, the unlock screen is drawn and you have to enter a password to unlock the machine.

  This is reproducible on my system.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: gnome-screensaver 3.6.1-0ubuntu9
  ProcVersionSignature: Ubuntu 3.13.0-8.28-generic 3.13.2
  Uname: Linux 3.13.0-8-generic x86_64
  ApportVersion: 2.13.2-0ubuntu2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Fri Feb 14 09:05:50 2014
  DistributionChannelDescriptor:
   # This is a distribution channel descriptor
   # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor
   canonical-oem-somerville-precise-amd64-20130203-1
  EcryptfsInUse: Yes
  GnomeSessionIdleInhibited: No
  GnomeSessionInhibitors: None
  GsettingsGnomeSession:
   org.gnome.desktop.session session-name 'ubuntu'
   org.gnome.desktop.session idle-delay uint32 300
  InstallationDate: Installed on 2013-12-02 (73 days ago)
  InstallationMedia: Ubuntu 12.04 "Precise" - Build amd64 LIVE Binary 20130203-13:50
  SourcePackage: gnome-screensaver
  UpgradeStatus: Upgraded to trusty on 2014-02-12 (1 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1280300/+subscriptions