xfce4 screensaver revealing confidential data when computer is locked

Bug #2000900 reported by Hadmut Danisch
This bug affects 1 person
Affects: xfce4-screensaver (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

Hi,

after using Lubuntu for years, I was just giving Xubuntu a try and have installed a machine with Xubuntu, and was astonished to see confidential data in my home directory largely on the screen when the computer is locked.

Reason:

XFCE4 comes with a screensaver that by default picks a random screensaver art program every time it starts. And one of the programs it randomly picks is "slideshow", which shows the pictures from ~/Pictures on the locked screen, thus revealing confidential screenshots, scans, etc.

What stupid concept is it, to display data from the account on the screen of a locked computer?

What's the point in locking the computer then?

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: xfce4-screensaver 4.16.0-1
ProcVersionSignature: Ubuntu 5.15.0-56.62-generic 5.15.64
Uname: Linux 5.15.0-56-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu82.3
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: XFCE
Date: Tue Jan 3 08:49:10 2023
InstallationDate: Installed on 2022-12-25 (8 days ago)
InstallationMedia: Xubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 (20220809.1)
SourcePackage: xfce4-screensaver
UpgradeStatus: No upgrade log present (probably fresh install)
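
Added example, not part of the original report and not xfce4-screensaver's own code: a Python check that reads the contents of a user's xfce4-screensaver xfconf channel file and flags settings under which the slideshow described above can appear on the locked screen. The property paths (/saver/mode, /saver/themes/list), the mode numbering (0 blank, 1 random, 2 single) and the theme names in the samples are assumptions, an unset mode is treated as random because that is the default the report describes, and the XML samples are constructed.

```python
import xml.etree.ElementTree as ET

# Assumptions (not from the report): xfconf property paths and mode numbering.
MODE_BLANK, MODE_RANDOM, MODE_SINGLE = 0, 1, 2

def find_prop(node, path):
    """Follow nested <property name="..."> elements for a path like /saver/mode."""
    for part in path.strip("/").split("/"):
        node = next((p for p in node.findall("property")
                     if p.get("name") == part), None)
        if node is None:
            return None
    return node

def audit(xml_text):
    """Return (exposed, reason) for one xfce4-screensaver channel file."""
    root = ET.fromstring(xml_text)
    mode_node = find_prop(root, "/saver/mode")
    # Unset mode is treated as random, the default the report describes.
    mode = MODE_RANDOM if mode_node is None else int(mode_node.get("value"))
    list_node = find_prop(root, "/saver/themes/list")
    themes = [] if list_node is None else [
        v.get("value", "") for v in list_node.findall("value")]
    if mode == MODE_BLANK:
        return (False, "blank-only: no theme runs on the locked screen")
    if mode == MODE_RANDOM:
        return (True, "random mode: slideshow may be picked")
    if any("slideshow" in t for t in themes):
        return (True, "single mode with slideshow selected")
    return (False, "single mode without slideshow")

# Constructed sample channel files (hypothetical theme names, not real captures).
TEMPLATE = ('<channel name="xfce4-screensaver" version="1.0">'
            '<property name="saver" type="empty">{mode}'
            '<property name="themes" type="empty">'
            '<property name="list" type="array">'
            '<value type="string" value="{theme}"/>'
            '</property></property></property></channel>')
MODE = '<property name="mode" type="int" value="{}"/>'
SAMPLES = {
    "unset": TEMPLATE.format(mode="", theme="example-other-theme"),
    "single-slideshow": TEMPLATE.format(mode=MODE.format(MODE_SINGLE),
                                        theme="example-slideshow-theme"),
    "blank": TEMPLATE.format(mode=MODE.format(MODE_BLANK), theme=""),
}

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(name, audit(xml_text))
```

On a real system the text to pass to `audit` would come from the user's per-channel xfconf file, assumed here to be ~/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-screensaver.xml.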

Eduardo Barretto (ebarretto) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. I am making this bug public so the Desktop team can see it. This is not the only screensaver issue of this kind, though; you might want to check the other tickets reported for this package in case there's any relevant feedback. Please feel free to report any other bugs you may find.

information type: Private Security → Public Security
This report contains Public Security information  
Everyone can see this security related information.
