Power-saving mode buttons on Kickoff menu call pm-utils directly instead of using DBUS

Actually first it checks to see if the powerdevil daemon is running. If it's not it will directly invoke them via Solid.
Maybe the powerdevil kded daemon isn't running on your system?
Could you start plasma in Konsole and paste the output when you hit suspend or hibernate in Kickoff? (If powerdevil is running it should print that it is using it when you click the button

I killed and restarted plasma from a konsole window, and then suspended and resumed with system. I didn't see any output relating to power management in the console output, but I have posted it anyway.

I can also confirm this in Kubuntu Jaunty Alpha 6 with KDE 4.2.1, that resume from suspend doesn't lock the screen, even though 'Lock screen on resume' option is selected in the power settings.

Confirmed, too. I'm setting Importance to High, since it really is a security issue.

I agree that this is a security bug. It really needs to be fixed before the release.

Milestoning.

Im with kubuntu 9.04 RC and this bug still no fixed. I hope it will be fixed in release, because is really important for security.

You are right. It is a very important security bug.

Neither the power save button in Kickoff nor the sleep button (Fn + F4) on my keyboard are locking the screen. I still have to use Guidance Power Manager to get the screen locked.

You might want to check your /etc/acpi/sleepbtn.sh file to ensure that it is not putting your system to sleep before PowerDevil can process the event. I had to do this to get the sleep key on my laptop to work.

Fix committed for KDE 4.3. It seems to be more of an architectural change, so it's probably unlikely that we could get a fix in for Kubuntu 9.04 without doing something extreme like taking away the ability to suspend from Kickoff.

Does that mean waiting until 9.10?

If so, that's a deal breaker for me. This is a serious security flaw and there's no way I can roll this out to a business. If you have to take away the ability to suspend from kickoff, then so be it. That's what happens when you have security issues, the solutions aren't always pretty, but you have to plug the hole.

You're sending a message about the importance of security here, don't blow it.

There will be KDE 4.3 packages available for Kubuntu 9.04, but if you have concerns about whether or not KDE applies security fixes for their point releases you really should take it up with them...

Speaking of Karmic, when are the KDE 4.3 packages getting uploaded for that? I can't wait.

The first beta should be out next week, so I'd say maybe a week to two and a half weeks until we get packages ready, depending on how busy everyone is. (beta's usually take longer since 4.2.x -> 4.3.x is a bigger departure than 4.2.2 -> 4.2.3)

Oh, sorry. It's actually out two weeks from now. Worst-case scenario (judging from last time) would be a week and a half after KDE releases the beta.

...but this is sorta getting a tad bit off topic, so I'll stop now. ;-)

Fixed in KDE 4.3

This bug also affects Lancelot launcher; installed from the repos (plasma-widget-lancelot)

Which version of Kubuntu are you using?

I am using 9.10 Karmic Koala. Is there any sort of output I can provide?

Could you see if anything in comment 1 applies to you?

Will be fixed for Lancelot in KDE 4.4 RC1.

Fix released to lucid.

I can verify that the screen is locked when I use Lancelot to suspend to ram. However the k-menu and the screen lock plasmoid are still broken.