Screensaver password keystrokes are echoed into underlying apps

Bug #1133091 reported by Māris Fogels on 2013-02-26
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gnome-screensaver (Ubuntu)
Undecided
Unassigned

Bug Description

When switching between two user sessions with Gnome Screensaver, the keystrokes of your password are sent to the Gnome Screensaver Lock Screen and are also echoed into the focused application of the underlying user session.

This bug only happens when switching between users using the steps below. It does not happen for single-user unlocking, and it does not happen when unlocking the same user twice.

If the focused application in the underlying session is an IRC client like XChat your password keystrokes are echoed into it too, and the password ends up sent to the current IRC channel. This all happens while unlocking, before the lock screen is painted over by the session windows. (I didn't believe this bug was possible until it affected me twice in one week. This bug burned two of my login passwords in a row by sending them to IRC. Very annoying.)

Here are the steps to reproduce this. I accidentally followed this sequence both times:

1. User A and User B are both logged in. User B is running XChat.
2. Switch to User A's session.
3. Suspend the laptop.
4. Resume the laptop. User A lock screen is shown.
5. Press 'Switch User'. LightDM is shown.
6. Select User B in LightDM.
7. Type User B's password, press Enter.
8. User B is unlocked, the session screen is re-painted. The password is visible in the IRC client backscroll, already sent to the channel.

Other observations:
 * The system is under load while switching users. It is using swap space to handle both simultaneous user logins. Switching between users takes a few seconds: you can hear the HDD swapping and see loadavg climb while it does so.
 * I am not 100% positive that the suspend/resume step is necessary to reproduce this. It could be coincidence.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: gnome-screensaver 3.4.1-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-37.58-generic 3.2.35
Uname: Linux 3.2.0-37-generic x86_64
ApportVersion: 2.0.1-0ubuntu17.1
Architecture: amd64
Date: Mon Feb 25 20:33:59 2013
GnomeSessionIdleInhibited: No
GnomeSessionInhibitors: None
GsettingsGnomeSession:
 org.gnome.desktop.session idle-delay uint32 600
 org.gnome.desktop.session session-name 'ubuntu'
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Beta amd64 (20110915.1)
MarkForUpload: True
ProcEnviron:
 LANGUAGE=en_CA:en
 TERM=screen
 PATH=(custom, no user)
 LANG=en_CA.UTF-8
 SHELL=/bin/bash
SourcePackage: gnome-screensaver
UpgradeStatus: Upgraded to precise on 2012-04-04 (327 days ago)
WindowManager: No value set for `/desktop/gnome/session/required_components/windowmanager'

Māris Fogels (mars) wrote :
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers