Ubuntu
gnome-screensaver package

gnome-screensaver doesn't blank screen on lock with xfwm4 compositing

Bug #191503 reported by Radomir Dopieralski
280
Affects Status Importance Assigned to Milestone
Xfwm4
In Progress
Unknown
gnome-screensaver (Ubuntu)
Invalid
Medium
Ted Gould
xfwm4 (Debian)
Fix Released
Unknown
xfwm4 (Ubuntu)
Fix Released
Medium
Lionel Le Folgoc

Bug Description

Binary package hint: gnome-screensaver

The problem is that when:
   * you use xfwm4, and
   * you have compositing enabled, and
   * you have "display fullscreen overlays directly" enabled,
then the gnome-screensaver doesn't blank your screen when locking,
so anybody can see the screen -- which may contain sensitive information.

Related branches

lp:ubuntu/lucid/xfwm4
Revision history for this message
GeorgeB (solar.george-deactivatedaccount) wrote :

Confirmed

* Still affects me when I have "display fullscreen overlays directly" disabled

Changed in gnome-screensaver:
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in xfwm4:
status: Unknown → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in xfwm4:
status: Confirmed → In Progress
Revision history for this message
Ted Gould (ted) wrote :

I don't believe this is a bug in GNOME Screensaver, rather XFWM. There was some compiz activity that was similar causing a security update to Gutsy quickly after it's release. It might be a similar bug, though I'm unfamiliar with it.

Changed in gnome-screensaver:
status: Confirmed → Invalid
Revision history for this message
Ian Howson (ianhowson) wrote :

I can confirm that the bug is still present in Hardy.

Revision history for this message
Brian Murray (brian-murray) wrote :

Ted that bug, bug 145123, was worked around in GNOME Screensaver, here's the change log entry:

gnome-screensaver (2.20.0-0ubuntu4.2) gutsy-security; urgency=low

  * SECURITY UPDATE: screen lock bypass via shortcuts when compiz running.
  * Add debian/patches/05_locking_for_compiz.patch: patch for lock dialog for
    when Compiz is enabled from Michael Vogt (LP: #145123).

And then fixed in compiz for Hardy:

compiz (1:0.6.2+git20071018-0ubuntu2) hardy; urgency=low

  * debian/patches/030_fix_screensaver:
    - never unredirect the gnome-screensaver window to prevent
      breaking the keyboard grab (#145123)

Bug Watch Updater (bug-watch-updater)
Changed in xfwm4:
status: Unknown → Confirmed
Revision history for this message
Philipp Edelmann (tukss) wrote :

In the Debian bug report they say that version 4.4.2-4 (compared to 4.4.2-2ubuntu1 in Ubuntu) fixes the bug.

Cody A.W. Somerville (cody-somerville)
Changed in gnome-screensaver:
status: Invalid → Triaged
Pedro Villavicencio (pedro)
Changed in gnome-screensaver:
assignee: nobody → ted-gould
Revision history for this message
Lionel Le Folgoc (mrpouit) wrote :

That's fixed in intrepid too.

Changed in xfwm4:
assignee: nobody → mrpouit
importance: Undecided → Medium
status: New → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in xfwm4:
status: Confirmed → Fix Released
Pedro Villavicencio (pedro)
Changed in gnome-screensaver (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

I would seem this got fixed in xfwm4...closing the gnome-screensaver task.

Changed in gnome-screensaver (Ubuntu):
status: Triaged → Invalid
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.