killing the screensaver gives access
Bug #446218 reported by
ReimarBauer
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnome-screensaver (Ubuntu) |
Confirmed
|
Wishlist
|
Unassigned |
Bug Description
Binary package hint: gnome-screensaver
if the gnome-screensaver becomes killed the desktop is open for everyone.
I think if one or something kills the screensaver the user should be safely logged out.
ProblemType: Bug
Architecture: amd64
DistroRelease: Ubuntu 9.04
NonfreeKernelMo
Package: gnome-screensaver 2.24.0-0ubuntu6
ProcEnviron:
PATH=(custom, user)
LANG=de_DE.utf8
SHELL=/bin/bash
SourcePackage: gnome-screensaver
Uname: Linux 2.6.28-15-generic x86_64
security vulnerability: | yes → no |
visibility: | private → public |
Changed in gnome-screensaver (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Wishlist |
To post a comment you must log in.
I found out about this just yesterday. If a user is logged in on a different terminal, they can kill a locked gnome-screensaver and have free reign of the desktop.
Granted, leaving oneself logged in on multiple tty's is bad practice in itself, but there should be something that prevents the killing of gnome-screensaver.
That being said, how is a security loophole like this only a 'Wishlist' item?