gdm user switcher allows desktop preview w/o passwd
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gdm (Ubuntu) |
Confirmed
|
Low
|
Unassigned | ||
Bug Description
Binary package hint: gdm
00[ Environment - two user accounts open. Switching between the accounts is being done using the gnome-panel applet identified as "Log Out" (it has a default icon of a white portrait with an orange hand)
01] The switcher displays clearly and in full focus the desktop and open windows of the target (the account TO which the switch was requested)
02] After slightly less than a full second, the screen changes to black, with the correct (if cosmetically quite ugly) authentification screen.
WHAT I EXPECTED TO HAPPEN: not to get a an unauthorized glimpse at the potentially private desktop and open windows of another user, without any authentification. I suppose James Bond might have a sneaky camera hidden in his cell phone to photograph or video the event and squeal to the Brits. Then where would we all be?
But seriously, it is a security compromise, and the duration might variable, or possibly be able to modified to be variable.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: gdm 2.30.2.
ProcVersionSign
Uname: Linux 2.6.32-24-generic i686
Architecture: i386
Date: Mon Aug 16 01:26:39 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
ProcEnviron:
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: gdm
| What, me urgent? (whatmeurgent) wrote | #1 |
| visibility: | private → public |
| Sebastien Bacher (seb128) wrote | #2 |
| Changed in gdm (Ubuntu): | |
| importance: | Undecided → Low |
| Changed in gdm (Ubuntu): | |
| status: | New → Confirmed |
| status: | Confirmed → Triaged |
| status: | Triaged → Confirmed |
the bug is a duplicate of some others gdm or gnome-screensaver bugs