blueproximity has no locking option for KDE4.1/Plasma

Bug #296085 reported by Vik on 2008-11-09
264
This bug affects 1 person
Affects Status Importance Assigned to Milestone
blueproximity (Ubuntu)
Undecided
Unassigned

Bug Description

With the current Intrepid release 8.10, blueproximity comes with no option for locking the KDE4.1 desktop, only gnome desktops.

The old bodge of using dcop to notify kdesktop no longer works with Plasma:

vik@kereru:~$ dcop kdesktop KScreensaverIface
ERROR: Couldn't attach to DCOP server!

blueproximity 1.2.5-3

This causes workstations not to be automatically locked when they were before the upgrade, and in a way that would be transparent to the user as they never actually see their workstation locked when carrying their phone. Hence the security vulnerability.

Jamie,

I've been discussing this with the local LUG and the response is
unanimous that this should be considered a security issue.

I would like to ask you to reconsider your re-classification, and if
possible explain to us why this is not considered a security problem.

Regards,

Vik Olliver

On Mon, 2008-11-10 at 14:26 +0000, Jamie Strandboge wrote:
> ** This bug is no longer flagged as a security issue
>
> --
> blueproximity has no locking option for KDE4.1/Plasma
> https://bugs.launchpad.net/bugs/296085
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “blueproximity” source package in Ubuntu: New
>
> Bug description:
> With the current Intrepid release 8.10, blueproximity comes with no
> option for locking the KDE4.1 desktop, only gnome desktops.
>
> The old bodge of using dcop to notify kdesktop no longer works with
> Plasma:
>
> vik@kereru:~$ dcop kdesktop KScreensaverIface
> ERROR: Couldn't attach to DCOP server!
>
> blueproximity 1.2.5-3
>
> This causes workstations not to be automatically locked when they were
> before the upgrade, and in a way that would be transparent to the user
> as they never actually see their workstation locked when carrying
> their phone. Hence the security vulnerability.
>
>

Jamie Strandboge (jdstrand) wrote :

Sorry for unmarking it. I agree that it should be flagged as a security issue. Thanks for pointing this out.

Kees Cook (kees) on 2009-03-25
Changed in blueproximity (Ubuntu):
status: New → Confirmed
Boris Manojlovic (stekoje) wrote :

 I know this is rather old bug, but here is the fix for it in form of script for locking/unlocking
just call this script from blueproximity with lock unlock parameters as in screenshot attached

---------------------
#!/bin/sh
PATH=$PATH:/opt/kde3/bin:/usr/bin
echo ${KDE_SESSION_VERSION}
case "$1" in
        lock)
                if [ -n ${KDE_SESSION_VERSION} ] && [ "$KDE_SESSION_VERSION" -eq 4 ]; then
                        echo "KDE4 detected do the magic..."
                        ####qdbus org.freedesktop.ScreenSaver /ScreenSaver Lock #one way
                        # better way bellow (unified) - should work with gnome too (gnome users please test)
                        dbus-send --type=method_call --dest=org.freedesktop.ScreenSaver /ScreenSaver org.freedesktop.ScreenSaver.Lock
                        # Dear NVIDIA shitty drivers so don't use this one too often
                        ####xset dpms force off
                else
                        echo "KDE3 detected do the magic..."
                        dcop kdesktop KScreensaverIface lock
                fi
                ;;
        unlock)
                if [ -n ${KDE_SESSION_VERSION} ] && [ "${KDE_SESSION_VERSION}" -eq 4 ]; then
                        echo "KDE4 detected do the magic..."
                        dbus-send --type=method_call --dest=org.freedesktop.ScreenSaver /ScreenSaver org.freedesktop.ScreenSaver.SetActive boolean:false
                        # Dear NVIDIA shitty drivers so don't use this one too often
                        xset dpms force on
                else
                        # KDE 3
                        echo "KDE3 detected do the magic..."
                        dcop kdesktop KScreensaverIface quit
                fi
                ;;
        *)
                echo "usage of $0:"
                echo " $0 (lock|unlock)"

esac
-------------------

Boris Manojlovic (stekoje) wrote :

 I know this is rather old bug, but here is the fix for it in form of script for locking/unlocking
just call this script from blueproximity with lock unlock parameters as in screenshot attached

---------------------
#!/bin/sh
PATH=$PATH:/opt/kde3/bin:/usr/bin
echo ${KDE_SESSION_VERSION}
case "$1" in
        lock)
                if [ -n ${KDE_SESSION_VERSION} ] && [ "$KDE_SESSION_VERSION" -eq 4 ]; then
                        echo "KDE4 detected do the magic..."
                        ####qdbus org.freedesktop.ScreenSaver /ScreenSaver Lock #one way
                        # better way bellow (unified) - should work with gnome too (gnome users please test)
                        dbus-send --type=method_call --dest=org.freedesktop.ScreenSaver /ScreenSaver org.freedesktop.ScreenSaver.Lock
                        # Dear NVIDIA shitty drivers so don't use this one too often
                        ####xset dpms force off
                else
                        echo "KDE3 detected do the magic..."
                        dcop kdesktop KScreensaverIface lock
                fi
                ;;
        unlock)
                if [ -n ${KDE_SESSION_VERSION} ] && [ "${KDE_SESSION_VERSION}" -eq 4 ]; then
                        echo "KDE4 detected do the magic..."
                        dbus-send --type=method_call --dest=org.freedesktop.ScreenSaver /ScreenSaver org.freedesktop.ScreenSaver.SetActive boolean:false
                        # Dear NVIDIA shitty drivers so don't use this one too often
                        xset dpms force on
                else
                        # KDE 3
                        echo "KDE3 detected do the magic..."
                        dcop kdesktop KScreensaverIface quit
                fi
                ;;
        *)
                echo "usage of $0:"
                echo " $0 (lock|unlock)"

esac
-------------------

Vik (vik-catalyst) wrote :

Boris - awesome, and it works a treat even on my machine :) As I'm the guy people give stuff to when they want it to break, that's saying something. Hopefully the upstream maintainers will fit in in.

Vik :v)

Alex10336 (ap10336) wrote :

From: http://doc.ubuntu-fr.org/blueproximity#configuration

Lock screenserver:
qdbus org.freedesktop.ScreenSaver /ScreenSaver Lock

Unlock screenserver:
qdbus org.freedesktop.ScreenSaver /ScreenSaver SetActive false

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers