Connecting external monitor while screen is locked reveals desktop
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnome-flashback (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
When the screen is locked, connecting an external monitor causes the lock screen to appear on the new monitor, but not on the existing monitor, revealing the contents of the desktop contents of that monitor. A potential attacker can see the contents, but not interact with them without unlocking the system.
[Test Case]
Use Ubuntu 20.04 with the Regolith desktop environment.
gnome-flashback version: 3.36.3-0ubuntu1
Lock screen, attach second monitor. This behavior has been observed by myself in the Regolith desktop environment (uses i3), where it shows one of the i3 workspaces. There may also be other desktop environments affected.
Expected behavior is obviously the contents of the desktop should remain hidden.
[Regression Potential]
Unknown. However, the patch seems trivial and specific for this issue.
[Other Info]
Original Regolith bug report: https:/
Upstream gnome-flashback has a fix, see this commit: https:/
I tested this fix myself (single patch on top of the current gnome-flashback Ubuntu sources) and it solves the issue for me, see discussion on Github.
Status changed to 'Confirmed' because the bug affects multiple users.