'[Bug 246623] New: Screensaver "require password to stop" setting'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [Bug 246623] New: Screensaver "require password to stop" setting
From:       art alexion <art.alexion () verizon ! net>
Date:       2010-08-03 15:57:46
Message-ID: bug-246623-17878 () http ! bugs ! kde ! org/
[Download RAW message or body]

https://bugs.kde.org/show_bug.cgi?id=246623

           Summary: Screensaver "require password to stop" setting does
                    not hide desktop when password entry dialog is
                    displayed.
           Product: systemsettings
           Version: 0.2
          Platform: Ubuntu Packages
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: kcm_screensaver
        AssignedTo: kscreensaver-bugs-null@kde.org
        ReportedBy: art.alexion@verizon.net


Version:           0.2 (using KDE 4.4.2) 
OS:                Linux

This is a security setting.  The expected behavior is that an unauthorized
person will not be able to view the desktop if the password isn't entered. 
With the current behavior, the desktop is revealed; interaction is prevented,
but private information open is revealed.

Reproducible: Always

Steps to Reproduce:
Go to system settings>Desktop>Screen Saver.  Activate the screensaver.  Check
the box "Require password to stop".  Activate screen saver.  move mouse or tap
keyboard to stop screensaver.  Desktop is revealed, and password entry box
becomes modal over the system.

This happens with blank screen screensaver.  Others not tested.

Actual Results:  
The behavior revealing the screen, even before the password is entered, makes
this of limited security value.

Expected Results:  
That some other visual obscures the screen.  For example, Gnome continues to
show only a blank screen and the password entry dialog.  Windows shows some
variation of the login screen. 

OS: Linux (x86_64) release 2.6.32-24-generic
Compiler: cc

I think this is a security bug.

-- 
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic