Comment 16 for bug 474654

Revision history for this message
In , art alexion (art-alexion) wrote :

Version: 0.2 (using KDE 4.4.2)
OS: Linux

This is a security setting. The expected behavior is that an unauthorized person will not be able to view the desktop if the password isn't entered. With the current behavior, the desktop is revealed; interaction is prevented, but private information open is revealed.

Reproducible: Always

Steps to Reproduce:
Go to system settings>Desktop>Screen Saver. Activate the screensaver. Check the box "Require password to stop". Activate screen saver. move mouse or tap keyboard to stop screensaver. Desktop is revealed, and password entry box becomes modal over the system.

This happens with blank screen screensaver. Others not tested.

Actual Results:
The behavior revealing the screen, even before the password is entered, makes this of limited security value.

Expected Results:
That some other visual obscures the screen. For example, Gnome continues to show only a blank screen and the password entry dialog. Windows shows some variation of the login screen.

OS: Linux (x86_64) release 2.6.32-24-generic
Compiler: cc

I think this is a security bug.