Mailinglist Archive: opensuse-bugs (4203 mails)

[bugzilla_noreply@xxxxxxxxxx]

https://bugzilla.novell.com/show_bug.cgi?id=739680

https://bugzilla.novell.com/show_bug.cgi?id=739680#c0


           Summary: Login security proglem
    Classification: openSUSE
           Product: openSUSE 12.1
           Version: Final
          Platform: x86-64
        OS/Version: SuSE Other
            Status: NEW
          Severity: Enhancement
          Priority: P5 - None
         Component: GNOME
        AssignedTo: bnc-team-gnome@xxxxxxxxxxxxxxxxxxxxxx
        ReportedBy: k.rautavuori@xxxxxxxxx
         QAContact: qa@xxxxxxx
          Found By: ---
           Blocker: ---


User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:9.0) Gecko/20100101
Firefox/9.0

When leaving the gnome desktop unused so it goes to the locked state, i am then
able to choose 'switch user' and be redirected to the login screen. 
> From there i am able to select power of or reboot - and all this without ever
entering a password anywhere. I would guess that this is not a behaviour that
was in the developers mind, and it should be given some consideration on how to
better manage the security of these steps.

Reproducible: Always

Steps to Reproduce:
1.lock screen
2.select 'switch user'
3.do anything you like with the upper right corner power switch
Actual Results:  
The ability to power down the computer even if someone has programs running
behind a locked session, and all this without having to use a password

Expected Results:  
A password should be entered to perform powerdown if there is somebody actually
using the computer.

-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.