Potential privacy violation: The lock screen shows the desktop contents long enough to take a picture, before showing the password prompt.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnome-screensaver (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
lsb_release -rd
Description: Ubuntu 20.04.2 LTS
Release: 20.04
The gnome-screensaver package is not installed, so I'm not sure which package handles the lock screen:
sudo apt-cache policy gnome-screensaver
[sudo] password for steve:
gnome-screensaver:
Installed: (none)
Candidate: 3.6.1-11ubuntu4
Version table:
3.
500 http://
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: gnome-screensaver (not installed)
ProcVersionSign
Uname: Linux 5.8.0-50-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.11-
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Thu May 6 08:43:26 2021
InstallationDate: Installed on 2020-11-22 (164 days ago)
InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
ProcEnviron:
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/usr/bin/zsh
SourcePackage: gnome-screensaver
UpgradeStatus: No upgrade log present (probably fresh install)
I think that this bug could be considered a medium severity information disclosure vulnerability. I'm not concerned so much about my privacy as I am for a journalist or political dissenter who locks their screen while they have documents with sensitive information open on the screen. Then, when there is keyboard activity, the contents of any open documents on the desktop are shown long enough to take a picture with a cell phone before the login prompt is shown.