Xscreensaver daemon crash returned to unlocked desktop

Bug #966129 reported by Thor S on 2012-03-27
This bug affects 5 people
Affects: xscreensaver (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

Ubuntu 11.10, xscreensaver 5.14-1ubuntu1.

I use xscreensaver as my main screensaver and I've replaced the gnome-screensaver using the command suggested in the xscreensaver man page (sudo ln -sf /usr/bin/xscreensaver-command /usr/bin/gnome-screensaver-command). Recently it's been crashing more than usual, either partially (one screen hangs, the other works ok), or fully (can't lock screen or activate screensaver without restarting daemon). This does seem to happen more frequently when I've left my VirtualBox VM running, but I'm not sure it's related. At least twice now the crash has caused the OS to return to my desktop - unlocked - which seems like a pretty serious security concern, especially as it won't automatically relock either until I've manually restarted the xscreensaver daemon.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: xscreensaver 5.14-1ubuntu1
ProcVersionSignature: Ubuntu 3.0.0-16.29-generic 3.0.20
Uname: Linux 3.0.0-16-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 1.23-0ubuntu4
Architecture: amd64
Date: Tue Mar 27 11:52:54 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
ProcEnviron:
 LANGUAGE=en_GB:en
 PATH=(custom, user)
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
SourcePackage: xscreensaver
UpgradeStatus: No upgrade log present (probably fresh install)

Thor S (thor84no+launchpad) wrote :
security vulnerability: yes → no
visibility: private → public

Thor S (thor84no+launchpad) wrote :

Since this I've had this issue occur on both 12.04 and 12.10 (and on Mint 14), so this is still an issue. I also don't understand how a crash that unlocks my - specifically locked - screen is NOT a security vulnerability.

squarooticus (krose) wrote :

This happens to me, as well. I have switched to gnome-screensaver in hopes that it fixes the problem, but unfortunately gnome-screensaver is not configurable under XFCE so I am somewhat dissatisfied. This crash only occurs once every few weeks, so I have not been able to catch it in gdb.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in xscreensaver (Ubuntu):
status: New → Confirmed

cartoon hero (ch604) wrote :

This is still a security issue; a password-protected machine will unlock itself when the screensaver daemon crashes. I've found, however, that this is also an issue upstream on Debian 8.

David (david.phillips) wrote :

I can confirm this still exists. It's also definitely a security vulnerability. I just came back from the weekend and found my work machine completely unlocked, open, and accessible. Like many users in my place, this is completely unacceptable and dangerous. I have no choice but to stop using xscreensaver now.

I'm running xscreensaver 5.34, and Ubuntu 16.04.4 LTS (Xenial Xerus)
