xscreensaver does not provide absolute visual protection

Bug #1744459 reported by Sworddragon on 2018-01-20
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
X.Org X server
Unknown
Wishlist
xorg-server (Ubuntu)
Undecided
Unassigned
xscreensaver (Ubuntu)
Undecided
Unassigned

Bug Description

I'm using xscreensaver 5.36-1ubuntu1 and xserver-xorg-core 2:1.19.5-0ubuntu2 and while I had Steam (with Wine) opened and a chat window was open but minimized to the taskbar after locking the screen with xscreensaver I did receive a message from somebody which then appeared on the right bottom of xscreensaver's locked window.

Insofar as this may be considered a bug instead of a feature, it is a bug in either your window manager, Wine, or Steam. There's nothing xscreensaver can do about it.

https://www.jwz.org/xscreensaver/faq.html#popup-windows

On locking the screen with XScreenSaver I noticed that a popup window from a chat was able to show up and thus leaking private information. On reporting this against XScreenSaver it seems that the X-Server does not provide the ability to uniquely claim the top drawing area in a way that all other applications can't draw on top of it anymore to counter such issues.

But similar to bug #69298 comment #1 it could also become an issue if applications begin to uniquely claim the top drawing area in case this is unwanted by the user (for example a fullscreen game could do this and more or less unintentionally preventing the user to add his custom overlays). Eventually this needs also to be bind on higher permissions so that this can be configured.

Sworddragon (sworddragon) wrote :

That is unfortunate that there is currently no way to do this as I consider this leaking of private information after locking the screen as a security issue. But I think this needs to be solved by the X-Server instead so I have created a feature request there: https://bugs.freedesktop.org/show_bug.cgi?id=104715

-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/proto/xorgproto/issues/8.

Changed in xorg-server:
importance: Unknown → Wishlist
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.