Comment 6 for bug 837002

Andrew Ayer (agwa) wrote :

My understanding was that this was a bug in the greeter, and as such I submitted a patch and bug report on lightdm-gtk-greeter last week:

https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1031421

I haven't received a response yet, but the patch does fix the problem. However, it does leak the existence of users because it selects the previous session as soon as the username is entered. I'm not sure how serious that really is: modulo XDMCP (which has more serious security problems) this is only exploitable locally, gdm3 also leaks user information in this way, and I think the primary reason to use greeter-hide-users=false isn't privacy but because you have too many users to display in a list. Also, note that the greeter *already* leaks user information with greeter-hide-users=false: if you enter the password incorrectly, the previous session is selected at that point. So this patch should make everything strictly better.