Bug 226698

Summary: Kscreensaver fails by pressing enter --> SECURITY BUG
Product: kscreensaver Reporter: Chuck <cfox04>
Component: generalAssignee: kscreensaver bugs tracking <kscreensaver-bugs-null>
Status: RESOLVED DUPLICATE    
Severity: crash    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: Version Fixed In:

Description Chuck 2010-02-13 17:21:54 UTC 
Version:            (using KDE 4.4.0)
Compiler:          GCC 4.4.3 
OS:                Linux
Installed from:    Archlinux Packages

I saw this article related to Gnome's screenlock being broken: http://www.h-online.com/security/news/item/GNOME-screen-lock-ineffective-in-openSUSE-Linux-Update-928794.html

Using KDE 4.4 I can reproduce the same behavior.  Using several different screensavers, including the blank screen mode, and with compositing turned on or off it is possible to crash the screen-lock program simply by pressing enter.

Steps to reproduce:
  1. Lock the screen
  2. Press <enter> several times.  Pressing & holding is also effective.  The screen lock does not always fail immediately, but in less than a minute this bug is 100% reproducible and allows access to the desktop.
  3. Other keys may help crash it as well, but I only need to press enter to reproduce the bug.


Suggested Solution:
  Trap input events better so that the program cannot crash.  Institute a timer so that there is a delay between when the program will accept user input.
Comment 1 Pino Toscano 2010-02-13 17:52:53 UTC 

*** This bug has been marked as a duplicate of bug 217882 ***