Bug 125318

Summary: security bug in timed login with lock - locking fails when changing to the console
Product: kscreensaver Reporter: Kevin Goeser <kevin>
Component: general Assignee: kscreensaver bugs tracking <kscreensaver-bugs-null>
Status: RESOLVED NOT A BUG    
Severity: major CC: l.lunak, ossi, ovit.debian, torre_cremata
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
Latest Commit: Version Fixed In:

Description Kevin Goeser 2006-04-10 23:05:53 UTC
Version:            (using KDE KDE 3.5.2)
Installed from:    Gentoo Packages
Compiler:          gcc-3.4.5 
OS:                Linux

I enabled the auto login with locking the screen. When I change to the console while the auto login countdown is running, the locking of the screen fails! Changing back to X lets me use KDE w/o a need of a password...

Also tested on debian/etch with kde 3.5.1.
Comment 1 Kevin Goeser 2007-01-18 21:04:22 UTC
The KDM auto login situation is actually getting worse:
- pressing Escape doesn't cancel the auto login any more
- pressing Tab cancels the autologin - but just for let's say 15secs
- the lock-on-auto-login feature is still useless, due to the bug described above.

KDE 3.5.5 - gentoo as well as debian/etch

If this is not fixable - I suggest removing the feature completely, it just pretends some security which hardly exists.
Comment 2 Oswald Buddenhagen 2007-02-11 16:14:10 UTC
*** Bug 141540 has been marked as a duplicate of this bug. ***
Comment 3 Oswald Buddenhagen 2007-04-11 13:57:30 UTC
confirmed. the key is most probably this:
  kdesktop: WARNING: LockProcess::startSaver() grabInput() failed!!!!
as a "special feature", the session does not accept keyboard input (the x server's alt-ctrl-combos still work, though).
lubos?

re comment #1: the situation is not getting worse, but new features are added. if you don't want the persisting auto-login, turn it off. it's off by default, btw. ;)
Comment 4 Oswald Buddenhagen 2007-04-11 17:41:37 UTC
btw, the "keyboard gone" problem seems to be unrelated to the locking failure, but clearly has the same trigger - see bug #143343.
Comment 5 Lubos Lunak 2007-05-15 16:12:23 UTC
*** Bug 143343 has been marked as a duplicate of this bug. ***
Comment 6 Lubos Lunak 2007-05-15 16:31:37 UTC
Either X or KDM bug, depending on how much KDM does. Neither keyboard nor locking works because something has keyboard grab or at least X thinks so (running a testapp which tries to call XGrabKeyboard() returns AlreadyGrabbed).

Grepping in KDM sources shows some XGrabKeyboard() calls but no matching XUngrabKeyboard() calls, so I suggest you check that and either fix it, otherwise this is an X bug and nothing we could do about it.
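
Added example, not code from kdesktop, KDM or any commenter in this report: fail-closed handling for the situation in comments 3 and 6, where the locker's keyboard grab fails because X reports AlreadyGrabbed. The grab attempt is a hypothetical function pointer (a real locker would call XGrabKeyboard() there), `engage_lock` and `fake_holder` are illustrative names, and the stand-in grab holder is constructed so the code runs without an X server.

```c
#include <stdio.h>

/* Grab status codes as defined in X11/X.h (returned by XGrabKeyboard). */
enum { GRAB_SUCCESS = 0, ALREADY_GRABBED = 1, GRAB_INVALID_TIME = 2,
       GRAB_NOT_VIEWABLE = 3, GRAB_FROZEN = 4 };

/* Hypothetical hook: one grab attempt. A real locker would call
 * XGrabKeyboard() here; the stand-in below needs no X server. */
typedef int (*grab_attempt_fn)(void *ctx);

enum lock_result { LOCK_ENGAGED = 0, LOCK_FAILED_CLOSED = 1 };

/* Try the grab up to max_attempts times. Anything other than GrabSuccess
 * is a failure: the caller must not hand the session to the user. */
enum lock_result engage_lock(grab_attempt_fn attempt, void *ctx,
                             int max_attempts, int *last_status)
{
    int status = ALREADY_GRABBED;   /* zero attempts also fails closed */
    for (int i = 0; i < max_attempts; i++) {
        status = attempt(ctx);
        if (status == GRAB_SUCCESS)
            break;
        /* a real locker would sleep briefly between attempts */
    }
    if (last_status)
        *last_status = status;
    return status == GRAB_SUCCESS ? LOCK_ENGAGED : LOCK_FAILED_CLOSED;
}

/* Constructed stand-in for another client holding the keyboard: reports
 * AlreadyGrabbed for the first `busy` attempts, then GrabSuccess.
 * busy < 0 means the grab is never released. */
struct fake_holder { int busy; int calls; };

int fake_attempt(void *ctx)
{
    struct fake_holder *h = ctx;
    h->calls++;
    if (h->busy < 0 || h->calls <= h->busy)
        return ALREADY_GRABBED;
    return GRAB_SUCCESS;
}

int main(void)
{
    struct fake_holder stuck = { -1, 0 }, brief = { 2, 0 };
    int st;
    printf("stuck grab: %s\n", engage_lock(fake_attempt, &stuck, 5, &st)
           == LOCK_ENGAGED ? "locked" : "refuse session (fail closed)");
    printf("brief grab: %s\n", engage_lock(fake_attempt, &brief, 5, &st)
           == LOCK_ENGAGED ? "locked" : "refuse session (fail closed)");
    return 0;
}
```
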
Comment 7 Oswald Buddenhagen 2007-05-15 16:37:29 UTC
well, the greeter simply terminates - that should release any grabs it holds, no? also, this wouldn't explain why it happens only when the display isn't on the current vt.
Comment 8 Oswald Buddenhagen 2007-12-22 08:50:33 UTC
closing as invalid, as this isn't kde's fault after all.
i reported this to xorg at http://bugs.freedesktop.org/show_bug.cgi?id=13675 , but now i can't reproduce it myself any more, so it must have been fixed meanwhile. comment there if you have something substantial to add.
Comment 9 Kevin Goeser 2007-12-22 12:18:30 UTC
Thanks for looking at it - and sorry for blaming the wrong guys ;) Happy Christmas!