light-locker virtual console toggle results in screen contents being displayed

Bug #1284920 reported by ToZ on 2014-02-26
262
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Ubuntu
High
Unassigned

Bug Description

Xubuntu 14.04 Beta 1
When the lock screen is activated with light-locker (light-locker-command -l) and the virtula console switched to the first (Ctrl+Alt+F1) then back to the 7th (Ctrl+Alt+F7), for a brief second, the contents of the desktop is displayed before it is overlayed with te black "This session is locked" screen. This poses a potential security risk.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: light-locker 1.2.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-12.32-generic 3.13.4
Uname: Linux 3.13.0-12-generic i686
ApportVersion: 2.13.2-0ubuntu5
Architecture: i386
CurrentDesktop: XFCE
Date: Tue Feb 25 20:22:52 2014
InstallationDate: Installed on 2014-02-26 (0 days ago)
InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Alpha i386 (20140225)
SourcePackage: light-locker
UpgradeStatus: No upgrade log present (probably fresh install)

ToZ (toz) wrote :
information type: Private Security → Public Security
Ubuntu QA Website (ubuntuqa) wrote :

This bug has been reported on the Ubuntu ISO testing tracker.

A list of all reports related to this bug can be found here:
http://iso.qa.ubuntu.com/qatracker/reports/bugs/1284920

tags: added: iso-testing
Changed in light-locker (Ubuntu):
status: New → Confirmed
Rolf Leggewie (r0lf) wrote :

I believe I reported this a few years ago, only to be told things were working as designed :-( Unfortunately, I can't find the ticket anymore. Like you, I consider this a grave security risk.

Rolf Leggewie (r0lf) wrote :

I am assigning this to Ubuntu in general because the problem stems not (only) from light-locker, has been around for a long time and is more wide-spread than this package. I believe the root cause of it lies somehwere within X.

affects: light-locker (Ubuntu) → ubuntu
Changed in ubuntu:
importance: Undecided → High
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers