[Bug 796934] New: Screen saver not blanking screen (information leakage!!)
https://bugzilla.novell.com/show_bug.cgi?id=796934

https://bugzilla.novell.com/show_bug.cgi?id=796934#c0

Summary: Screen saver not blanking screen (information leakage!!)
Classification: openSUSE
Product: openSUSE 12.2
Version: Final
Platform: x86-64
OS/Version: openSUSE 12.2
Status: NEW
Severity: Critical
Priority: P5 - None
Component: KDE4 Workspace
AssignedTo: kde-maintainers@suse.de
ReportedBy: dfreeman@ieee.org
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Firefox/17.0

The KDE "Blank Screen" screen saver sometimes doesn't blank the screen. It instead displays a frozen view of whatever was drawn when it activates.

When you move the mouse, it either refreshes the display as a result of ending the screen saver, or it asks for a password with the password request displayed over the frozen view.

If the password request is made to disappear without unlocking the session, the frozen view under the password request is restored. (I.e. no blank space is left there. An active redraw occurs.)

This has serious and obvious security implications for someone who uses automatic screen locking as a means to prevent information leakage. You can see whatever the person was working on before it locked - emails, scripts running, etc.

openSUSE 12.2 (has also been prevalent in 12.1 and earlier)
KDE 4.8.5 release 2, and earlier
Screen saver set to "Blank Screen", start automatically after 5 min and then password protect after 60 sec.

This happens intermittently (but frequently) on two machines. One running AMD and one running NVIDIA graphics.

Reproducible: Sometimes

Steps to Reproduce:
1. Configure KDE with Blank Screen screen saver and a password to unlock
2. Wait for screen saver to time out
3. Move the mouse to verify that the screen saver activated

Actual Results:
A password request appears over an apparently normal and unlocked desktop session.

Expected Results:
The screen blanks and no further information is visible until the session is unlocked.