Desktop contents displayed on resume, before lock screen is shown

Bug #1280300 reported by Steve Magoun
This bug affects 72 people
Affects: Ubuntu
Status: Confirmed
Importance: Medium
Assigned to: Unassigned

Bug Description

I am running 14.04. When I resume from sleep, the contents of my desktop (including any open windows, emails, etc) are displayed onscreen briefly before the unlock screen is shown. This potentially allows an attacker to view the contents of a locked screen.

To reproduce:
1) Suspend a machine, e.g. by closing the lid
2) Resume the machine

Expected results:
Upon resume, the first thing shown onscreen is the screensaver unlock screen.

Actual results:
Upon resume, the first thing shown onscreen is the set of open windows that were displayed before the machine was put to sleep. After a second or two, the unlock screen is drawn and you have to enter a password to unlock the machine.

This is reproducible on my system.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: gnome-screensaver 3.6.1-0ubuntu9
ProcVersionSignature: Ubuntu 3.13.0-8.28-generic 3.13.2
Uname: Linux 3.13.0-8-generic x86_64
ApportVersion: 2.13.2-0ubuntu2
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Feb 14 09:05:50 2014
DistributionChannelDescriptor:
 # This is a distribution channel descriptor
 # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor
 canonical-oem-somerville-precise-amd64-20130203-1
EcryptfsInUse: Yes
GnomeSessionIdleInhibited: No
GnomeSessionInhibitors: None
GsettingsGnomeSession:
 org.gnome.desktop.session session-name 'ubuntu'
 org.gnome.desktop.session idle-delay uint32 300
InstallationDate: Installed on 2013-12-02 (73 days ago)
InstallationMedia: Ubuntu 12.04 "Precise" - Build amd64 LIVE Binary 20130203-13:50
SourcePackage: gnome-screensaver
UpgradeStatus: Upgraded to trusty on 2014-02-12 (1 days ago)

Steve Magoun (smagoun) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnome-screensaver (Ubuntu):
status: New → Confirmed
Alberto Salvia Novella (es20490446e) wrote :

It has a moderate impact on a core package.

information type: Public → Public Security
Changed in gnome-screensaver (Ubuntu):
importance: Undecided → Medium
Steve Magoun (smagoun)
tags: added: rls-t-incoming
Mathew Hodson (mhodson)
tags: added: lockscreen
tags: added: resume suspend
Pander (pander)
tags: added: 15.10
cuc (cuc+) wrote :

Happens with GNOME 3.16 on Ubuntu 15.10.
Do you need any more information? Is this being worked on?

GrandVizier (grandvizier) wrote :

I did not experience it on my machine prior to 15.10, but after upgrading to 15.10 it happens consistently every time when resuming from suspend.

James Baicoianu (james-ubuntuone) wrote :

Still seeing this bug in Ubuntu 15.10 64-bit with Unity 3D, and have seen it in every Ubuntu version going back to at least 2011, across several different laptops from different manufacturers (Chromebook, Thinkpad, and Dell something-or-other). It happens reliably every time I resume from suspend - doesn't matter if I suspended through the menu or by closing the lid.

How is this not considered a major security bug? If someone steals my laptop they can see anything I was doing before suspending. Information leakage like this should be treated as high priority.

Gatonegro (gatonegro) wrote :

Still seeing this bug (Ubuntu-Gnome 15.10, with Gnome 3) too.
I too think this is a security issue. They don't even need to steal my laptop -- just flip it open and power it on briefly, and be ready with a smartphone to take a picture of the screen contents.

Daniel (daniel-nuest) wrote :

I also have this issue (Ubuntu 15.10, Lenovo T450s), every time.

Lnerd (logangarbarini) wrote :

I have this issue with both Unity and Gnome 3. Running Ubuntu 15.10 on an Asus Zenbook UX305.

I've also been able to type briefly before it autolocks (see 830348).

thunder.glove (njknjnjhkn) wrote :

Yes me too, Ubuntu 15.10 Unity, Toshiba Chromebook 2. I've the below as I thought it was an issue with the screensaver after reading other sites. No luck:

gsettings set org.gnome.desktop.screensaver ubuntu-lock-on-suspend 'true'
sudo sed -i "s/NoDisplay=true/NoDisplay=false/g" /etc/xdg/autostart/*.desktop

Gabor (gabor-z) wrote :

Same here, Ubuntu 15.10 Unity. HP ProBook gd450.

piratemurray (mez-pahlan) wrote :

Dell Inspiron 15
Ubuntu 15.10
3.6.1-7ubuntu1

Happy to troubleshoot if needed.

Kerry (java-avionicengineers) wrote :

I have the same defect on HP Envy, Ubuntu 15.10

Vincenzo Di Somma (vds) wrote :

Same issue on Dell XPS 13 2015 (9343) Ubuntu 15.10.

Hartmut Holzgraefe (hartmut-php) wrote :

Having this on a Dell Prestige 3510, with Ubuntu 15.10 and XFCE

Martin Pool (mbp) wrote :

This security bug has been open for 4.5 years now.

Seth Arnold (seth-arnold) wrote :

mbp, this looks like a 'garbage pit' style bug report; the original complaint from two years ago is filed against gnome-screensaver but the automatically included text reports unity was being used. Comments since then include complaints about xfce and gnome 3 environments too.

There's no actionable information in any of this report, and furthermore there have been a half-dozen fixes to most of the screenlockers mentioned in this report along the way because for some reason the screenlockers seem to re-introduce the same bugs every cycle.

If you're seeing an issue, please just file a new bug. This one has grown useless because it's not specific enough to anything to actually fix.

Thanks

Changed in gnome-screensaver (Ubuntu):
status: Confirmed → Invalid
Vadim Andryuschenko (gvaduha) wrote :

seth-arnold, IMHO, this problem is systematically reported in different versions of Ubuntu with different desktop environments and seems to be ignored by developers. The security threat is severe and the root of the problem lies much deeper than patching a concrete combination of components. I confess I don't know and am not going to investigate the problem (despite that, as a software developer, I do want to hear about its causes), but could you, as a member of the security team, explain to us why you don't refactor or redesign this? And we as system users would be pleased if some tech guy investigated the problem and opened a new "correct" bug instead of switching the bug to the invalid state, practically sinking it into the "garbage pit".

There is no offence in my comment, but for many reasons lots of people can't use OSes with such security holes and this is very disappointing.

Marc Deslauriers (mdeslaur) wrote :

There is no way to fix this as long as X11 is still being used. Lock screen timing issues are usually caused by a few different things:

1- Hardware issues. Certain models of computers have known issues where they don't generate the proper events when the laptop lid is closed or the suspend hotkey is pressed. In those cases, the laptop will enter the suspend state before notifying the OS, which results in the screen not being locked when the laptop wakes up. These issues need to be addressed with a firmware update, or with a quirk being added to whatever platform specific driver is in the kernel. This is the type of thing that is tested and fixed when a laptop gets certified and preloaded with Ubuntu.

2- Actual bugs in the screen locking code. This has happened in the past, and still occurs occasionally.

3- X11 not allowing the screen lock to forcibly remove keyboard and mouse grabs. This is the major reason why screen locking will never work reliably as long as we haven't switched to Wayland or Mir. For the screen to lock, it must be able to exclusively grab the keyboard or mouse. Unfortunately, there is no way under X11 to forcibly remove a keyboard or mouse grab that belongs to another application. When this happens, for example when you have a menu open, or you're using software such as VirtualBox, the screen is unable to lock before the laptop goes into suspend mode.

Vadim Andryuschenko (gvaduha) wrote :

Marc, thanks for such a detailed explanation and extremely fast response! It's grave news for me to hear that X11 is the major problem here. Would it be better if you publish it in the Ubuntu FAQ (or elsewhere) and close all these bugs with "won't fix" to make the community realize the point?

Marc Deslauriers (mdeslaur) wrote :

That's an excellent suggestion, I'll look into doing that. Thanks!

Paolo Montrasio (paolo-paolomontrasio) wrote :

This bug started happening on my laptop after installing 16.04. With 12.04 there never was any problem and I never had this problem with an older laptop, from 8.04 to 15.10.

I'm running XDG_CURRENT_DESKTOP=GNOME-Flashback:Unity

Given the suggestion at #17 I'll open a new bug for that DE. Everybody should open a new bug for the DE you use.

Mike Jones (7-ubuntuone-kenl) wrote :

Below is a workaround I use.

*********
#!/bin/sh
viewnior --fullscreen '/home/user_name/Images/My solid color image which obscures my desktop.png' && sleep 2 && dbus-send --system --print-reply --dest=org.freedesktop.login1 /org/freedesktop/login1 "org.freedesktop.login1.Manager.Suspend" boolean:true && i3lock -i '/home/user_name/Images/My image I like to look at when my computer wakes up.png' -p default -n
*********

I lock my screen with a keyboard shortcut I created in Xubuntu which I associated with the above script.

After my computer wakes up I need to exit Viewnior (the image viewer I am using) so that the file called "My solid color image which obscures my desktop.png" disappears.

I suppose the extra step would not be necessary if someone with some technical knowledge would explain how to cause i3lock to exit the image viewer after the computer wakes up.

I use "viewnior --fullscreen" instead of "viewnior -f" because the latter didn't seem to work in a terminal. I suppose this was a result of my using a French language terminal.

Also, if you need to resize your image because you want it to appear centered on the screen, there's no need to install GIMP or any other draw or paint application.

I used Google Drawings to resize "My solid color image which obscures my desktop.png" to match my screen size which is 1366 x 768 pixels. I went to File–>Page configuration–>Customize and typed 1366 then 768 and chose pixels.

Then I downloaded "My solid color image which obscures my desktop.png" to my local drive.

I suppose if the developer(s) of this app were to give a detailed explanation of the above in a message, say the first five times a new image were used in i3lock, it would help new users quickly and easily lock their screen securely and ensure their images were centered on the screen.

Mike Jones (7-ubuntuone-kenl) wrote :

The workaround below fixes a bug in the above workaround:

*********
#!/bin/sh
viewnior --fullscreen '/home/user_name/Images/My solid color image which obscures my desktop.png' &
sleep 2 &&
dbus-send --system --print-reply --dest=org.freedesktop.login1 /org/freedesktop/login1 "org.freedesktop.login1.Manager.Suspend" boolean:true && i3lock -i '/home/user_name/Images/My image I like to look at when my computer wakes up.png' -p default -n
*********

gethin (gethinlw) wrote :

Another workaround that I used for Cinnamon. I can't imagine it would be too much trouble to adapt it to other window managers:

1. Use dconf-editor to change the button-suspend action at org>cinnamon>settings-daemon>plugins>power to 'nothing' (you could also amend lid-close-ac-action and lid-close-battery-action as well if you're using a laptop).

2. Save the following script to a convenient location (it locks the screen, then suspends):

#!/bin/bash
cinnamon-screensaver-command -l
systemctl suspend

3. Use the System Settings app (cinnamon-settings) to create a custom keybinding for the sleep key that points to the script.

After this it behaves as it should. You can see the lock screen pop up briefly before it goes to sleep, which is reassuring.

Seth Arnold (seth-arnold) wrote :

gethin, that seems plausibly like it could suffer from the same problems as #49579 -- if you have a menu open or a virtualbox window to a guest or similar, the screensaver 'lock' command may not be able to lock the display.

That's why we recommend using the lock interface in the menus or keyboard shortcuts, because both will either succeed easily or visibly fail before you make the next step manually.

Thanks

joncamfield (jon-camfield) wrote :

Same issue on a Lenovo t440s, Ubuntu 17.10 (Gnome shell).

RayfenWindspear (rayfenwindspear) wrote :

Getting this as well on 16.04, but only recently. Started happening about 4 months ago. Mine is worse because I can open it up and start working on it. Sometimes I'll be on it for like 10 mins before it finally shuts me out and makes me login.

Paul (s-pael-m) wrote :

I have the same issue on Kubuntu 18.04. Is the NSA forcing someone to leave this in on purpose?

jezdonline (jezdonline) wrote :

I got the same security issue with Cairo Dock and Ubuntu 14.04 on an Acer Aspire E 14 ES1-411-28SF every time the laptop wakes up.

I tried to put a command on the sleep event, but it only runs on returning from suspend.

Michal (michal-novotny2) wrote :

I experience the same bug. I am running a freshly installed Ubuntu 18.04 with Unity.

gregreen (gregreen) wrote :

I also experience this buggy behavior on a fresh install of Ubuntu 18.04, using the default Gnome Shell desktop. This bug has been around for at least 7 years (see https://bugs.launchpad.net/ubuntu/+source/unity-2d/+bug/830348). How is it still unaddressed?

Carl-Erik Kopseng (carlerik) wrote :

I'd imagine a workaround could be to have a hook for suspend write to the framebuffer, but I failed at getting this working when I tried today (put a script in /usr/lib/systemd/system-sleep to invoke eog in fullscreen).

Regarding the comment above about this being fixed in "certified" laptops, this doesn't seem to be 100% correct. See this on a Dell XPS 9350, and this machine was available in a "Developer edition" running Ubuntu. Still see this issue.

Ashley Hier (ashbash)
Changed in gnome-screensaver (Ubuntu):
status: Invalid → Confirmed
Chris Guiver (guiverc) wrote :

Lubuntu 19.10 QA-test (live) on lenovo thinkpad sl510 (c2d-t6570, 2gb ram, i915)

suspended system, waited, it resumed (image was visible briefly before xscreensaver covered screens; screensaver woke on touch of key) - I'll record as https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1280300

Issue is exactly as described, except the xscreensaver image appeared in well under a second after laptop awoke. I had external vga in use too, and it wasn't hidden either briefly

tags: added: eoan
Ubuntu QA Website (ubuntuqa) wrote :

This bug has been reported on the Ubuntu ISO testing tracker.

A list of all reports related to this bug can be found here:
http://iso.qa.ubuntu.com/qatracker/reports/bugs/1280300

tags: added: iso-testing
roots (roots) wrote :

The issue still persists in Ubuntu 20.04. Running mate with lightdm and light-locker configured to lock-on-suspend enabled. After resuming, the desktop contents before suspend are visible for roughly 5 seconds, before the lock screen appears.

As this is absolutely unacceptable in terms of security and privacy, I'm using the following script to suspend (thanks to gethin for the pointer!):

#!/bin/bash
mate-screensaver-command -l
systemctl suspend
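Added example, not part of any comment in this report: a variant of the lock-then-suspend scripts posted by gethin and roots that addresses Seth Arnold's objection by confirming the screen is actually locked before suspending, and refusing to suspend otherwise. It assumes the screensaver command accepts -l (lock) and -q (query) and that the query output contains "is active" once locked; SCREENSAVER_CMD, SUSPEND_CMD, LOCK_TIMEOUT and the function names are hypothetical names chosen for this example.

```sh
#!/bin/sh
# Lock, verify that the lock took effect, and only then suspend.
# Assumption: "<cmd> -q" prints "The screensaver is active" when locked and
# "The screensaver is inactive" otherwise (override the variables to adapt).
SCREENSAVER_CMD="${SCREENSAVER_CMD:-mate-screensaver-command}"
SUSPEND_CMD="${SUSPEND_CMD:-systemctl suspend}"
LOCK_TIMEOUT="${LOCK_TIMEOUT:-3}"   # number of one-second checks before giving up

# Succeeds only if the screensaver reports itself active.
# "is inactive" does not contain the string "is active", so it cannot match.
screen_is_locked() {
    $SCREENSAVER_CMD -q 2>/dev/null | grep -q 'is active'
}

# Returns 0 after handing over to the suspend command, 1 if the lock
# could not be confirmed (for example because another window holds a grab).
lock_then_suspend() {
    $SCREENSAVER_CMD -l || {
        echo "lock command failed; not suspending" >&2
        return 1
    }
    tries=0
    until screen_is_locked; do
        tries=$((tries + 1))
        if [ "$tries" -ge "$LOCK_TIMEOUT" ]; then
            echo "screen did not lock; not suspending" >&2
            return 1
        fi
        sleep 1
    done
    $SUSPEND_CMD
}

# Only act when explicitly asked to, e.g. from a keybinding: script.sh --run
if [ "${1:-}" = "--run" ]; then
    lock_then_suspend
fi
```

Bind the suspend key to this script with the --run argument; a failed lock leaves the machine awake with an error on stderr instead of suspending unlocked.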

Dáire Fagan (dairefagan) wrote :

I confirm this on Ubuntu Mate 20.04.1. Desktop is visible for a second before the lockscreen when I resume from power menu >> suspend or from systemctl suspend but if I resume after suspending by closing the lid on my Dell XPS 13 9360 the desktop is not visible before the lockscreen.

PJSingh5000 (pjsingh5000) wrote :

Affects Ubuntu 21.04.

Jason Ritchie (jason-ritchie06) wrote :

Also see this on 20.10 on a Dell XPS 15 9550.

Aleksandar Puharic (xzero) wrote :

We're mid 2021 and this security issue is still present.
Confirmed on Ubuntu 20.04. Also on Zorin OS 15 (Ubuntu 18.04 based).

Besides only getting medium priority, I cannot understand that this medium priority security issue hasn't been assigned, let alone fixed in nearly 7 years.

Daniel van Vugt (vanvugt) wrote :

'gnome-screensaver' isn't used in any modern versions of Ubuntu so this needs to be reassigned and/or merged with bug 1532508...

affects: gnome-screensaver (Ubuntu) → ubuntu
tags: added: bionic focal hirsute
removed: 15.10 eoan trusty
affects: ubuntu → gnome-shell (Ubuntu)
affects: gnome-shell (Ubuntu) → ubuntu
Александр (alex2659) wrote :

To make the picture automatically close when you wake up from sleep, you can use this procedure to close the application.
1. Create a .sh file with:
#!/bin/bash
pkill viewnior

2. Create a .service file in /etc/systemd/system with the following:
[Unit]
Description=Run my script after resume
# suspend.target is reached only after the machine has resumed, so ordering
# after it makes the script run on wake-up rather than on the way to sleep
After=suspend.target

[Service]
User=<user>
Type=oneshot
Environment=DISPLAY=:0
ExecStart=/path/to/my/script.sh

[Install]
WantedBy=suspend.target

Change <user> to your user.

3. Run these commands from a terminal:

systemctl daemon-reload

systemctl enable nameofscript.service

Enjoy.
