screen-lock can be bypassed

Bug #880774 reported by Yannis Tsop
20
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Epoptes
In Progress
Low
Fotis Tsamis

Bug Description

when running a fullscreen program (eg tuxpaint) the user can bypass the screen lock just by clicking outside hiw window (tux paint runs in fullscreen -changes resolution to a lower one- and the screen lock shows the whole screen, but the lock is within the smaller window)

Revision history for this message
Yannis Tsop (ogiannhs) wrote :
Revision history for this message
Yannis Tsop (ogiannhs) wrote :

maybe running xrandr (and set resolution) before and after screen lock?

Revision history for this message
Fotis Tsamis (ftsamis) wrote :

I can't reproduce what you are describing with Epoptes on Ubuntu 10.04 (Gnome), even if I execute tuxpaint --fullscreen.
Could you describe the exact steps you followed?

The truth is that when locking the screen we only block/grab the keyboard and leave the mouse.
But we should grab it too, as I just found out that you can indeed "bypass" (in another way than the one you describe) lock-screen:

If you keep the mouse click pressed - *before* the admin locks your screen - on the title bar of a window e.g. terminal, then the lock-screen app doesn't grab the keyboard and the focus remains on the previous window. So if the window was a terminal, he could execute whatever command.
I think this would be solved, though, if we grab the mouse too, when locking the screen.

Revision history for this message
Robert Wolf (r-wolf-conf) wrote :

Hallo,

we use linux for vmware player and the linux starts vmware player in fullscreen too. If the vmware player has mouse and is fullscreen, the lock does not work.

We have updated the lock-screen script, it sends ctrl-alt-shift (vmware player shortcut to release mouse) to X server (using lineakd xsendkeys) and vmware player releases the mouse and then the lock screen works.

Regards,

Robert Wolf.

Fotis Tsamis (ftsamis)
no longer affects: sch-scripts
Revision history for this message
Fotis Tsamis (ftsamis) wrote :

I am rewriting the lock-screen script to make it more effective.

Changed in epoptes:
assignee: nobody → Fotis Tsamis (ftsamis)
importance: Undecided → Low
status: New → In Progress
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Bug attachments