[gutsy] unredirect-fullscreen-windows option breaks gnome-screensaver locking behavior

I can definitely confirm this. In fact, I had my IRC window gain focus while I typed in my password. Thankfully I typoed it, but I think this should be classified as a security vulnerability.

I can only reproduce this if I set "Unredirected Fullscreen windows" to true in compizconfig-settings-manager (gconf: /apps/compiz/general/screen0/options/unredirect_fullscreen_windows).

Can you please check that setting and let me know if you have set that? And if the problem goes away if you unset it?

Thanks,
 Michael

Confirmed: unredirect fullscreen windows is sufficient to trigger this bug. Gnome-screensaver works when that option is disabled.

Is this related to:

https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/130325

i can confirm this bug too, and isn't the same as bug 130325, i can definitely see the aplications running in real time while the screen is locked with gnome-screensaver, just alt+tab and you'll see them, and also can execute programs from terms opened, and even type some words here while i was re-checking with gnome-screensaver locking my screen.

about the other issue, i can confirm that too, sometimes i cannot select the text area to type my password, a couple of cancel over the gnome-screensaver dialog seems to solve the issue.

i almost forgot, i'm using gutsy too with all packages up to date, with an ati 9100IGP with the open source ati driver.

related packages:
============
compiz 1:0.5.2+git20070827-0ubuntu1
compiz-core 1:0.5.2+git20070827-0ubuntu1
compiz-fusion-plugins-extra 0.5.2+git20070817-0ubuntu1
compiz-fusion-plugins-main 0.5.2-0ubuntu2
compiz-gnome 1:0.5.2+git20070827-0ubuntu1
compiz-plugins 1:0.5.2+git20070827-0ubuntu1
gnome-screensaver 2.19.6-0ubuntu3
xorg 1:7.2-5ubuntu7
xserver-xorg 1:7.2-5ubuntu7
xserver-xorg-core 2:1.3.0.0.dfsg-12ubuntu2
libgl1-mesa-dri 7.0.1-1ubuntu1
libgl1-mesa-glx 7.0.1-1ubuntu1
libglu1-mesa 7.0.1-1ubuntu1

Assigning and moving milestone.

Lowering priority as this does not happen with our default settings.

This bug only happens on my end when Unredirect fullscreen Windows IS NOT checked.

Moving milestone to beta.

This is fixed in our current local repository and it will be part of the next upload.

compiz (1:0.5.2+git20070918-0ubuntu2) gutsy; urgency=low

  [ Michael Vogt ]
  * debian/patches/
      0001-Make-sure-that-unredirected-fullscreen-windows-are-f.patch,
      0002-Make-sure-that-unredirected-windows-get-redirected-o.patch,
      0003-Move-input-focus-back-to-the-active-window-after-red.patch:
    - fix input focus grabing behaviour, thanks to Dennis Kasprzyk
      (LP: #122549)
  * debian/compiz-gnome.gconf-defaults:
    - add schema default for hsize
    - fix schema value for shadow_radius
  * debian/compiz.wrapper:
    - removed
  * debian/compiz-manager, debian/compiz-manager.defaults, debian/rules:
    - use upstreams compiz-manager script to start compiz instead of
      our own and ship ubuntu specific defaults
  * debian/rules:
    - pass the correct plugin list to configure to mangle the default
      xml and schema files
  * debian/patches/020_no_active_plugins_default.patch:
    - dropped, done via the configure argument now

  [ Travis Watkins ]
  * debian/patches/024_add_config_notify.patch:
    - add extra configure notify to make fullscreen gnome-terminal work

 -- Michael Vogt <email address hidden> Wed, 19 Sep 2007 11:04:54 +0100

This is not fixed for me as of compiz 1:0.6.0+git20071002-0ubuntu1, I just saw this bad behavior. Pressing alt+f2 allowed me to run a terminal, with the locked screen. Blindly typing "compiz --replace" gave back normal behavior.

I'm observing this behavior as well, with compiz 1:0.6.0+git20071002-0ubuntu1. I can't see other windows by alt-tabbing, but my password dialog does not have focus (and text input is passed to the application that does have focus in the background). I've isolated it to this particular series of steps, though:
1. Run: synergyc -f <server-hostname>
2. Press the key combination to lock the screen
3. As the screen is fading to black, move the mouse off-screen (e.g. to the main synergy server monitor)
4. Return the mouse to the locked machine. The password prompt will lack focus. Alt tab does not appear to restore focus, however, super-tab does for me (bound to ring switcher).

For me, it just suffices to lock the screen. Moreover, I can't try without the option for full-screen app compatibility, since that option can't be toggled off.

@Vincenzo Ciancia: I tried to reproduce this issue but without success so far. Do you see this behavior all the time? Do you need to do anything special to trigger it?

Yes, I tried creating a new user, deleting all of its dotfiles, and just locking the screen I can press alt+f2, or rotate the cube, etc.

These are the packages I got. Apt says no newer version is available, however that "0.5.2" for compiz-fusion-plugins-main" seems sensible.

ii compiz 1:0.6.0+git20071004-0ubuntu2 OpenGL window and compositing manager
ii compiz-core 1:0.6.0+git20071004-0ubuntu2 OpenGL window and compositing manager
ii compiz-fusion-plugins-extra 0.5.2+git20070928-0ubuntu1 Collection of extra plugins from OpenCompositing for Compiz
ii compiz-fusion-plugins-main 0.5.2+git20070928-0ubuntu2 Collection of plugins from OpenCompositing for Compiz
ii compiz-gnome 1:0.6.0+git20071004-0ubuntu2 OpenGL window and compositing manager - GNOME window decorator
ii compiz-plugins 1:0.6.0+git20071004-0ubuntu2 OpenGL window and compositing manager - plugins
ii compizconfig-settings-manager 0.5.2+git20070912-0ubuntu1 Compiz configuration settings manager
ii libcompizconfig-backend-gconf 0.5.2+git20071005-0ubuntu2 Settings library for plugins - OpenCompositing Project
ii libcompizconfig0 0.5.2+git20070919-0ubuntu3 Settings library for plugins - OpenCompositing Project
ii python-compizconfig 0.5.2+git20070912-0ubuntu1 Compiz configuration system bindings

Thanks, I was able to reproduce this behavior now, here is a debug dump:

...
paint: gnome-screensaver 1 1 (box: 0 1600 0 1200)
unredirctWindow: 1 gnome-screensaver
for real

moveInputFocusToWindow: gnome-screensaver
paint: gnome-panel 1 1 (box: 0 1600 1175 1200)
paint: gnome-terminal 1 1 (box: 7 668 329 1170)
paint: emacs 1 1 (box: 352 1192 49 1072)
paint: gnome-panel 1 1 (box: -100 -99 -100 -99)
paint: gnome-panel 1 1 (box: -100 -99 -100 -99)
paint: gnome-panel 1 1 (box: -100 -99 -100 -99)
paint: gnome-commander 1 1 (box: -100 -99 -100 -99)
paint: nautilus 1 1 (box: -100 -99 -100 -99)
paint: gnome-panel 1 1 (box: 0 1600 0 25)
paint: nautilus 1 1 (box: 697 1592 255 1141)
paint: ccsm 1 1 (box: 105 1065 186 766)
paint: gnome-settings-daemon 1 1 (box: 587 1002 493 659)
paint: XMMS_Player 1 1 (box: 0 275 25 141)
paint: desktop_window 1 1 (box: 0 1600 0 1200)
moveInputFocusToWindow: gnome-terminal
....
and the repeated painting. The last move of the input focus is clearly the problem.

I found out that the

moveInputFocusToWindow: gnome-terminal

is triggered by a "EnterNotify" event. The findTopLevelWindowAtScreen() returned "gnome-terminal" there. It seems to be only triggered if the focus policy is *not* ClickToFocus.

Could someone confirm that only FocusFollowMouse triggers the problem?

Unfortunately I have to tell you that I have click-to-focus. Also, in the new user I created I used defaults for everything, so I had click-to-focus there, too.

I should add that this is the EnterNotify in handleEvent() (there are two in the source). Here is more debug output:

EnterNotify (2)
            event->xcrossing.detail 4 (NotifyNonlinearVirtual)
findWindowAtScreen: 31457313
findTopLevelWindowAtScreen: NULL (31457313)
findTopLevelWindowAtScreen: gnome-terminal (31457313)
findTopLevelWindowAtScreen() returned: gnome-terminal
moveInputFocusToWindow (9): gnome-terminal 31457313
moveInputFocusToWindow: gnome-terminal
findWindowAtScreen: 14680100
EnterNotify
EnterNotify (2)
            event->xcrossing.detail 3 (NotifyNonlinear)
findWindowAtScreen: 14680100
findTopLevelWindowAtScreen: NULL (14680100)
findTopLevelWindowAtScreen: gnome-screensaver (14680100)
findTopLevelWindowAtScreen is override_redirect
findTopLevelWindowAtScreen (2): NULL

My guess is that the handling of virtual crossing in compiz is not working correctly.

Maybe I have spoken too early. The problem seems to be that findTopLevelWindowAtScreen() returns NULL for all windows that are in override_redirect state and that are not of class InputOnly. The attached patch returns the correct window for class InputOutput.

Your patch has too few context, it does not apply cleanly (there's a hunk) and it does not compile, I tried manual edit but am unsure on which parenthesis is which. Can you attach the whole screen.c?

Thank you for prompt reply and good work.

If needed, I think I have a way to reproduce it each time.

- install synergy client, make the computer the client of another
- lock the screen
- move the mouse to the other computer
- wait for time out
- move the mouse back to the test computer
--> password window does not have focus

compiz (1:0.6.0+git20071006-0ubuntu1) gutsy; urgency=low

  * new 0.6 git snapshot:
    - fix initial stacking (LP: #147943)
    - fix crash in grab hanlding in wobbly (LP: #125981)
  * debian/patches/028_compiz_manager_blacklist:
    - add a missing i965 pci id (LP: #149751)
  * debian/patches/029_default_options:
    - disable vsync by default here so that the compiz and
      libcompizconfig do not fight over the default
  * debian/patches/024_add_config_notify.patch:
    - updated so that a extra configure notify is send in resizeWindow
      (LP: #140773)
  * debian/patches/023_ignore_hints_when_maximized.patch:
    - removed, no longer needed with latest git (LP: #145843)
  * debian/patches/030_fix_screensaver:
    - return InputOutput override_redirct windows in
      findTopLevelWindowAtScreen(), this fixes the focus problem
      in gnome-screensaver (LP: #122549)

 -- Michael Vogt <email address hidden> Sat, 06 Oct 2007 18:00:15 +0200

I can still reproduce this with 1:0.6.0+git20071006-0ubuntu1

@Chris: Thanks for this additional information. What is it you can reproduce? That the dialog does not have the focus? Or that it is possible to move the focus away?

I have 1:0.6.0+git20071006-0ubuntu2, and still can reproduce the bug. The dialog has the focus, but I can rotate the cube, switch focus etc. The only thing I can't do is to make the black screen of the screensaver transparent by using alt+mwheel.

Just as additional info:
Reproducable on XFCE with compositing enabled - see bug 158603.
Although on XFCE it shows only a still image of the desktop content.

Without changing any of my settings I can no longer reproduce with compiz version 1:0.6.0+git20071008-0ubuntu1, so this bug is fixed for me with recent upgrades.

This bug currently appears rarely, but it happens and I have sent my password to a buddy with that. It's very important!

after I've got the fix to that problem from the repository, gnome wouldn't load anymore, I tried booting the system a few times but nothing helps, I get no GUI.
Anyone else has this problem?

With compositing enabled in xfce, gnome-screensaver fails to keep the screen black.
The result then looks like http://rtg.optirom.info/photos/gnome-screensaver-disclosure.jpg (actual photo of the screen, sorry for the quality).
The screen becomes black at first and then the password input prompt is then displayed along with all the screen. The image is still but the update can be easily update by leaving a message.

thank you

Closing superfluous xorg task.

Not sure why this is still open, it has been fixed for quite some time.