[gutsy] "Pictures folder" shows all pictures in $HOME

Bug #145152 reported by Christoph Langner
This bug affects 1 person
Affects: GNOME Screensaver | Status: Invalid | Importance: High
Affects: gnome-screensaver (Ubuntu) | Status: Fix Released | Importance: Medium | Assigned to: Ubuntu Desktop Bugs

Bug Description

Binary package hint: gnome-screensaver

---
# dpkg -l gnome-screensaver
...
ii gnome-screensaver 2.20.0-0ubuntu3 a screen saver and locker
---

I noticed that the "Pictures folder" screensaver shows all pictures from $HOME instead of only $HOME/Pictures. Even pictures with sensitive information from my projects, or pictures from the cache of my web browser - ~/.mozilla/firefox/<random>.default/Cache - will be displayed. This might lead to showing pictures which you don't want to display in public.

I've got a folder called "Pictures" inside my home dir.

# ls -al ~/Pictures/
insgesamt 880
drwxr-xr-x 2 toff toff 120 2007-09-26 11:53 .
drwxr-xr-x 102 toff toff 4168 2007-09-26 12:00 ..
-rw-r--r-- 1 toff toff 252369 1999-11-20 00:00 1.jpg
-rw-r--r-- 1 toff toff 248626 1999-11-20 00:00 2.jpg
-rw-r--r-- 1 toff toff 390383 1999-11-26 00:00 3.jpg

But these pictures don't get displayed. Instead of those three pictures, gnome-screensaver looks in my whole $HOME for pictures.

This is not a real security threat. But since there is an option for a random screensaver, users might find this "feature" quite unpleasant when co-workers find out what the boss is doing late at night only by watching the screensaver...

Basilio Kublik (sourcercito) wrote :

Same behaviour here, quite annoying actually, and as you pointed out, it could lead to a possible security threat if, for instance, I have a private document scanned and saved as an image, such as a driving licence or one containing my social security number, passport, etc.
Also your boss could find out you were searching for vacation places instead of working.

Changed in gnome-screensaver:
importance: Undecided → Medium
status: New → Confirmed
Pedro Villavicencio (pedro) wrote :

will forward upstream, thanks for your report.

Changed in gnome-screensaver:
assignee: nobody → desktop-bugs
status: Confirmed → Triaged
Changed in gnome-screensaver:
status: Unknown → New
John Muir (john-muir) wrote :

Hi, is this going to get fixed? Or is there a workaround?

Ted Gould (ted) wrote :

The Pictures screensaver uses the XDG directories. Those are configured in your ~/.config/user-dirs.dirs file. Specifically the "XDG_PICTURES_DIR" entry. If you adjust that it'll use a different set of pictures.

Ted Gould (ted) wrote :

Also, an easier way is to use:

xdg-user-dirs-update --set PICTURES /home/ted/Pictures

Ted Gould (ted) wrote :

This isn't a bug in the screensaver. It's actually designed to work that way :) It's just a configuration option that hasn't been well documented.

Changed in gnome-screensaver:
status: Triaged → Invalid
Christoph Langner (chrissss) wrote :

But nevertheless. The screensaver should never, ever show all pictures out of $HOME, even if

# xdg-user-dirs-update --set PICTURES $HOME

is set.

The risk of exposing sensitive information is too high. In my eyes gnome-screensaver should display information to set XDG_PICTURES_DIR to a subdirectory inside $HOME, when it finds out that it will display all pictures inside $HOME.

John Muir (john-muir) wrote :

Yes, I must agree. After all we don't want to cause marital strife ;-)

Cariboo1938 (jgrauca) wrote :

@Ted Gould and Christoph Langner:
How can I find the location and how can I edit the file "~/.config/user-dirs.dirs"?
Can I use any destination for my Pictures Folder or does it have to be somewhere under /home?

Ted Gould (ted) wrote :

JGrau:
You can configure the directory to be anything you want by using the tool xdg-user-dirs-update like this:

xdg-user-dirs-update --set PICTURES /mypath/to/my/photos

Ted Gould (ted) wrote :

Okay, I'm having some trouble recreating the looking in hidden directories part of this bug. Could those who are having it please look at their xscreensaver-getimage.cache file? Mine is here:

~/tmp/.xscreensaver-getimage.cache

though the code may also put it here:

~/.xscreensaver-getimage.cache

There is already code in xscreensaver that should avoid hidden directories, I found it when I went to go and add it. In my cache there are no hidden directories.

Christoph Langner (chrissss) wrote :

Sorry Ted, I've got neither a

~/tmp/.xscreensaver-getimage.cache

nor a

~/.xscreensaver-getimage.cache

Searching for it doesn't help:

$ locate xscreensaver-getimage
/usr/share/man/man1/xscreensaver-getimage-video.1.gz
/usr/share/man/man1/xscreensaver-getimage.1.gz
/usr/share/man/man1/xscreensaver-getimage-file.1.gz
/usr/bin/xscreensaver-getimage-video
/usr/bin/xscreensaver-getimage-file
/usr/bin/xscreensaver-getimage

Ted Gould (ted) wrote : Re: [Bug 145152] Re: [gutsy] "Pictures folder" shows all pictures in $HOME

On Tue, 2008-01-29 at 22:10 +0000, Christoph Langner wrote:
> Sorry Ted, I've got neither a
>
> ~/tmp/.xscreensaver-getimage.cache
>
> nor a
>
> ~/.xscreensaver-getimage.cache

Hmm, can you please paste the output of:

$ xscreensaver-getimage-file --verbose ~

That should provide the name of a random picture in your home directory.
Please don't paste the output if it is something sensitive. Cleaned up
path names should be fine.

Christoph Langner (chrissss) wrote :

I'm not sure how gnome-screensaver relates to xscreensaver here, but I'm using gnome-screensaver and the bug is about gnome-screensaver

$ xscreensaver-getimage-file --verbose ~
xscreensaver-getimage-file: none of: "chbg", "xv", "xli", or "xloadimage" were found on $PATH.

$ dpkg -l *screensaver
...
ii gnome-screensa 2.20.0-0ubuntu a screen saver and locker
un xscreensaver <keine> (keine Beschreibung vorhanden)

Ted Gould (ted) wrote :

On Tue, 2008-01-29 at 23:23 +0000, Christoph Langner wrote:
> I'm not sure how gnome-screensaver relates to xscreensaver here, but I'm
> using gnome-screensaver and the bug is about gnome-screensaver

The bug is misfiled. GNOME Screensaver doesn't contain any of the
actual screensavers in the package. All of the actual screensavers are
in xscreensaver-data and xscreensaver-gl and rss-glx. GNOME Screensaver
is the wrapper for configuration and dialogs.

> $ dpkg -l *screensaver
> ...
> ii gnome-screensa 2.20.0-0ubuntu a screen saver and locker
> un xscreensaver <keine> (keine Beschreibung vorhanden)

Try:

$ dpkg -l *screensaver*

> $ xscreensaver-getimage-file --verbose ~
> xscreensaver-getimage-file: none of: "chbg", "xv", "xli", or "xloadimage" were found on $PATH.

Okay, I've been able to recreate this. I think that this problem is
fixed in the latest packages. I have some newer ones that are marked
for Hardy in my PPA, but they should work fine for Gutsy. Could you
please install the xscreensaver* packages in my PPA:

https://launchpad.net/~ted-gould/+archive

Sebastian Breier (tomcat42) wrote :

Unfortunately, the packages are not installable on 7.10 because of dependency problems:

dpkg: dependency problems prevent configuration of xscreensaver:
 xscreensaver depends on libc6 (>= 2.7-1); however:
  Version of libc6 on system is 2.6.1-1ubuntu10.
 xscreensaver depends on libcairo2 (>= 1.5.0); however:
  Version of libcairo2 on system is 1.4.10-1ubuntu4.4.
 xscreensaver depends on libglib2.0-0 (>= 2.15.4); however:
  Version of libglib2.0-0 on system is 2.14.1-1ubuntu1.
 xscreensaver depends on libpango1.0-0 (>= 1.19.3); however:
  Version of libpango1.0-0 on system is 1.18.3-0ubuntu1.
dpkg: error processing xscreensaver (--install):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of xscreensaver-data:
 xscreensaver-data depends on libc6 (>= 2.7-1); however:
  Version of libc6 on system is 2.6.1-1ubuntu10.
 xscreensaver-data depends on libglib2.0-0 (>= 2.15.4); however:
  Version of libglib2.0-0 on system is 2.14.1-1ubuntu1.
dpkg: error processing xscreensaver-data (--install):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of xscreensaver-data-extra:
 xscreensaver-data-extra depends on libc6 (>= 2.7-1); however:
  Version of libc6 on system is 2.6.1-1ubuntu10.
 xscreensaver-data-extra depends on libglib2.0-0 (>= 2.15.4); however:
  Version of libglib2.0-0 on system is 2.14.1-1ubuntu1.
 xscreensaver-data-extra depends on libjpeg-progs; however:
  Package libjpeg-progs is not installed.
 xscreensaver-data-extra depends on netpbm; however:
  Package netpbm is not installed.
 xscreensaver-data-extra depends on xscreensaver-data (>= 4.23-4ubuntu4); however:
  Package xscreensaver-data is not configured yet.
dpkg: error processing xscreensaver-data-extra (--install):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of xscreensaver-gl:
 xscreensaver-gl depends on libc6 (>= 2.7-1); however:
  Version of libc6 on system is 2.6.1-1ubuntu10.
 xscreensaver-gl depends on libglib2.0-0 (>= 2.15.4); however:
  Version of libglib2.0-0 on system is 2.14.1-1ubuntu1.
dpkg: error processing xscreensaver-gl (--install):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of xscreensaver-gl-extra:
 xscreensaver-gl-extra depends on libc6 (>= 2.7-1); however:
  Version of libc6 on system is 2.6.1-1ubuntu10.
 xscreensaver-gl-extra depends on libgle3; however:
  Package libgle3 is not installed.
 xscreensaver-gl-extra depends on libglib2.0-0 (>= 2.15.4); however:
  Version of libglib2.0-0 on system is 2.14.1-1ubuntu1.
 xscreensaver-gl-extra depends on xscreensaver-gl (>= 4.23-4ubuntu4); however:
  Package xscreensaver-gl is not configured yet.
dpkg: error processing xscreensaver-gl-extra (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 xscreensaver
 xscreensaver-data
 xscreensaver-data-extra
 xscreensaver-gl
 xscreensaver-gl-extra

Ted Gould (ted) wrote :

On Wed, 2008-01-30 at 08:12 +0000, Sebastian Breier wrote:
> Unfortunately, the packages are not installable on 7.10 because of
> dependency problems:

Sorry. I have now put up a package of the new xscreensaver built for
7.10.

Christoph Langner (chrissss) wrote :

Ok, here we go:

$ xscreensaver-getimage-file --verbose ~

The result is attached to this comment.

Christoph Langner (chrissss) wrote :

What I see is that although I set XDG_PICTURES_DIR
<snip>
cat ~/.config/user-dirs.dirs
...
XDG_PICTURES_DIR="$HOME/Bilder/"
...
<snip>

The screensaver looks inside my whole $HOME for files

<snip>
$ xscreensaver-getimage-file --verbose ~ > output.txt
xscreensaver-getimage-file: 5120 files in cache
xscreensaver-getimage-file: /home/toff/temp/gajim-0.11.3/data/emoticons/static/unhappy.png: too small (16 x 16)
xscreensaver-getimage-file: /home/toff/Desktop/temp/2006_PICS/projects1.jpg: 800 x 600
<snip>

Sebastian Breier (tomcat42) wrote :

I also installed your package. Thanks for providing it.

1)
When I do "xscreensaver-getimage-file --verbose ~/Bilder" (my pictures folder), I get only the one unhidden file. So, no problem here.
I guess Christoph just used the wrong cmdline for getimage? Or is "~" as directory correct, and it should still use only the pictures folder?

2)
Testing the screensaver for picture slideshow, it shows both hidden and unhidden files

For the tests, I prepared my pictures folder with two pics, like this:
~/Bilder
~/Bilder/sandwich.png
~/Bilder/.hidden
~/Bilder/.hidden/christmas_sucks.jpg

The .hidden and christmas_sucks.jpg are not in the getimage listing, but appear in the screensaver.

Hope that helps somehow. Ask for more debugging.

Ted Gould (ted) wrote :

On Wed, 2008-01-30 at 22:20 +0000, Christoph Langner wrote:
> What I see is that although I set XDG_PICTURES_DIR
<snip>
> The screensaver looks inside my whole $HOME for files

Yeah, the program flow here sucks. Let me try and explain.

So the screensaver calls the file xscreensaver-get-image and then passes
a directory as the parameter. That's where the command looks. So
almost all of the screensavers use the directory that is in
your .xscreensaver file, except glslideshow. It uses the XDG pictures
directory. See, easy :)

So, now that you have that not looking at . files, you can try
glslideshow using this command:

$ /usr/lib/xscreensaver/glslideshow

That should look for the photos and display them in your pictures
directory.

Ted Gould (ted) wrote :

On Wed, 2008-01-30 at 23:24 +0000, Sebastian Breier wrote:
> When I do "xscreensaver-getimage-file --verbose ~/Bilder" (my pictures folder), I get only the one unhidden file. So, no problem here.
> I guess Christoph just used the wrong cmdline for getimage? Or is "~" as directory correct, and it should still use only the pictures folder?

No, it'll just look in your home directory. I figured people would have
more hidden files there :)

> 2)
> Testing the screensaver for picture slideshow, it shows both hidden and unhidden files
>
> For the tests, I prepared my pictures folder with two pics, like this:
> ~/Bilder
> ~/Bilder/sandwich.png
> ~/Bilder/.hidden
> ~/Bilder/.hidden/christmas_sucks.jpg
>
> The .hidden and christmas_sucks.jpg are not in the getimage listing, but
> appear in the screensaver.

Uhm, that's really confusing.

Can you check to see if you have a different desktop grabber configured
somehow? That would be in your ~/.xscreensaver file.

Sebastian Breier (tomcat42) wrote :

I don't have an ~/.xscreensaver file, so I guess that's not the problem. :)

Sebastian Breier (tomcat42) wrote :

Can anybody confirm that this is fixed not only for me? I have "good behavior" now.

Christoph Langner (chrissss) wrote :

I also think that this bug is fixed. Something like this never happened again inside hardy or intrepid. Marking this bug as "fix released"...

Changed in gnome-screensaver:
status: Invalid → Fix Released
Changed in gnome-screensaver:
status: New → Invalid
ricardisimo (ricardisimo) wrote :

I hope it's not too late to comment on this. I'm on Jaunty. I wandered back to my computer at work the other day to find it flashing scans of cleared checks, the member roster from my union Local, and member tax forms. Not cool.

These are scans, which are pictures, which is why I saved them in my "Pictures" folder. Is there a way either to remove "Pictures Folder" from gnome-screensaver, or limit it to tagged pictures, as the F-Spot screensaver is limited to tagged "Favorites"?

Aside from sensitive financial records, what if I want to have naked pictures of Salma Hayek - or better yet Barack Obama - in my Pictures folder, but I don't want my co-workers seeing them? I can probably edit hidden config files, but the average newbie who sets his/her screensaver to randomize won't know that it's going to happen ahead of time, and won't know how to "fix" it after the fact.

To Ted's point, this isn't really a bug, it's how it is supposed to work. So can I make this a feature request instead of a bug report? Either modify Pictures Folder so as to guarantee users' privacy, or remove it from gnome-screensaver. Thank you.

Changed in gnome-screensaver:
importance: Unknown → High
mdmcginn (mcweb) wrote :

It's not working as intended for me, on Gnome 2.32.0/Ubuntu 11.04:

$HOME/.config/user-dirs.dirs
said
XDG_PICTURES_DIR="$HOME/"
not
XDG_PICTURES_DIR="$HOME/Pictures"

Why isn't there a GUI to configure the screensaver? Why can't the screensaver directory be specified to be different than the Pictures directory, as it was with the previous version?
