[Bug 274197] New: Screensaver only activates after resuming system suspend
https://bugzilla.novell.com/show_bug.cgi?id=274197 Summary: Screensaver only activates after resuming system suspend Product: SUSE Linux 10.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: s.handgraaf@xs4all.nl QAContact: qa@suse.de As part of a security review I noticed the Gnome screensaver is activated after a resume of a system suspend. This leaves a small window of opportunity for unauthorized users to view the content of the screen between the time a system resumes out of suspend/hibernation and the moment the screensaver is activated.
From security perspective this in unwanted behaviour since this can disclose sensitive information and might even allow access to the user environment.
My suggestion is to activate the screensaver by default when the system is given the command to suspend/hibernate and make sure the screen is already locked before the system suspends. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=274197 meissner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |security-team@suse.de, hmacht@novell.com AssignedTo|security-team@suse.de |seife@novell.com ------- Comment #1 from meissner@novell.com 2007-05-14 05:15 MST ------- sadly a known issue. the suspend folks tell us they can't handle this currently, but lets just reassign it to them and hear from them again. Is this really a bug against 10.1 or is it against 10.2? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=274197 ------- Comment #2 from hmacht@novell.com 2007-05-14 05:23 MST ------- If that's really a 10.1 bug, I have to apologize that this is a WONTFIX because of the whole design which was in use to this time. We cannot do anything about it. Fortunatelly, this got fixed along with the power management redesign starting from openSUSE 10.2. Please give openSUSE 10.2 or newer a try if you like. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=274197 seife@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |s.handgraaf@xs4all.nl ------- Comment #3 from seife@novell.com 2007-06-05 12:01 MST ------- is this really against 10.1 or against 10.2/newer? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=274197 s.handgraaf@xs4all.nl changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|s.handgraaf@xs4all.nl | ------- Comment #4 from s.handgraaf@xs4all.nl 2007-06-06 05:15 MST ------- (In reply to comment #3)
is this really against 10.1 or against 10.2/newer?
To confirm, this report is started since the finding of this issue in SUSE 10.1. I have not tested this against 10.2. I wonder why Marcus questions this if report is against 10.1. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=274197 seife@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Comment #5 from seife@novell.com 2007-06-06 07:18 MST ------- Well, this is fixed in 10.2, and for 10.1 it is basically a "CANTFIX". For a high security environment you can trigger suspend by calling xscreensaver-command lock powersave -u in a script to trigger suspend instead of using the suspend feature from g-p-m. Since the old powersave infrastructure is not suited to handle this better, and we fixed this already for 10.2+ by switching to a better suited infrastructure, i'll set this to "FIXED in 10.3", AKA WONTFIX -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com