Ubuntu
xscreensaver package

xscreensaver does not provide absolute visual protection

Bug #1744459 reported by Removed by request
8
Affects Status Importance Assigned to Milestone
X.Org X server
Unknown
Wishlist
xorg-server (Ubuntu)
New
Undecided
Unassigned
xscreensaver (Ubuntu)
New
Undecided
Unassigned

Bug Description

I'm using xscreensaver 5.36-1ubuntu1 and xserver-xorg-core 2:1.19.5-0ubuntu2 and while I had Steam (with Wine) opened and a chat window was open but minimized to the taskbar after locking the screen with xscreensaver I did receive a message from somebody which then appeared on the right bottom of xscreensaver's locked window.

Revision history for this message
Jamie Zawinski (jwz) wrote : Re: [Bug 1744459] [NEW] xscreensaver does not provide absolute visual protection

Insofar as this may be considered a bug instead of a feature, it is a bug in either your window manager, Wine, or Steam. There's nothing xscreensaver can do about it.

https://www.jwz.org/xscreensaver/faq.html#popup-windows

Revision history for this message
In , Removed by request (removed3425744) wrote :

On locking the screen with XScreenSaver I noticed that a popup window from a chat was able to show up and thus leaking private information. On reporting this against XScreenSaver it seems that the X-Server does not provide the ability to uniquely claim the top drawing area in a way that all other applications can't draw on top of it anymore to counter such issues.

But similar to bug #69298 comment #1 it could also become an issue if applications begin to uniquely claim the top drawing area in case this is unwanted by the user (for example a fullscreen game could do this and more or less unintentionally preventing the user to add his custom overlays). Eventually this needs also to be bind on higher permissions so that this can be configured.

Revision history for this message
Removed by request (removed3425744) wrote :

That is unfortunate that there is currently no way to do this as I consider this leaking of private information after locking the screen as a security issue. But I think this needs to be solved by the X-Server instead so I have created a feature request there: https://bugs.freedesktop.org/show_bug.cgi?id=104715

Revision history for this message
In , Gitlab-migration (gitlab-migration) wrote :

-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/proto/xorgproto/issues/8.

Bug Watch Updater (bug-watch-updater)
Changed in xorg-server:
importance: Unknown → Wishlist
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.