[hardy] "Lock screen on disconnect" overzealous

Bug #201465 reported by Chris Jones
4
Affects Status Importance Assigned to Milestone
vino
Fix Released
Medium
vino (Ubuntu)
Fix Released
Medium
Ubuntu Desktop Bugs

Bug Description

Binary package hint: vino

If the "Lock screen on disconnect" feature is enabled, the screen will indeed be locked when someone disconnects from the VNC server.

However, it appears to function simply by locking the screen whenever *any* connection to the VNC server terminates.

That is to say, you can telnet to port 5900 on your machine, disconnect and the screen will lock. You can nmap your machine and the screen will lock, or you can connect with a legitimate VNC client, but fail to get the password right or be denied access by vino's "Ask for confirmation" option, and your screen will lock.

If you enable this feature, anyone with network access to your machine can DoS you by locking your screen at will. This seems somewhat unhelpful. The screen should only lock after a *successful* connection.

Chris Jones (cmsj)
description: updated
Changed in vino:
assignee: nobody → desktop-bugs
importance: Undecided → Medium
milestone: none → ubuntu-8.04
status: New → Triaged
Changed in vino:
status: Unknown → In Progress
Changed in vino:
status: In Progress → Fix Released
Revision history for this message
Sebastien Bacher (seb128) wrote :

The bug has been fixed upstream now

Changed in vino:
status: Triaged → Fix Committed
Revision history for this message
Sebastien Bacher (seb128) wrote :

the new version has been uploaded to hardy

Changed in vino:
status: Fix Committed → Fix Released
Changed in vino:
importance: Unknown → Medium
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.