[hardy] "Lock screen on disconnect" overzealous
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vino |
Fix Released
|
Medium
|
|||
vino (Ubuntu) |
Fix Released
|
Medium
|
Ubuntu Desktop Bugs |
Bug Description
Binary package hint: vino
If the "Lock screen on disconnect" feature is enabled, the screen will indeed be locked when someone disconnects from the VNC server.
However, it appears to function simply by locking the screen whenever *any* connection to the VNC server terminates.
That is to say, you can telnet to port 5900 on your machine, disconnect and the screen will lock. You can nmap your machine and the screen will lock, or you can connect with a legitimate VNC client, but fail to get the password right or be denied access by vino's "Ask for confirmation" option, and your screen will lock.
If you enable this feature, anyone with network access to your machine can DoS you by locking your screen at will. This seems somewhat unhelpful. The screen should only lock after a *successful* connection.
description: | updated |
Changed in vino: | |
assignee: | nobody → desktop-bugs |
importance: | Undecided → Medium |
milestone: | none → ubuntu-8.04 |
status: | New → Triaged |
Changed in vino: | |
status: | Unknown → In Progress |
Changed in vino: | |
status: | In Progress → Fix Released |
Changed in vino: | |
importance: | Unknown → Medium |
The bug has been fixed upstream now