Bug 291078

Summary: Desktop exposed through "Blank Screen" lock screen if Blur effect is enabled
Product: [Plasma] kwin Reporter: Sam Edwards <CFSworks>
Component: effects-variousAssignee: KWin default assignee <kwin-bugs-null>
Status: RESOLVED WORKSFORME    
Severity: minor CC: illumilore, leon.maurer, null, zanetu
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Sam Edwards 2012-01-09 19:46:35 UTC
Version:           unspecified (using KDE 4.7.3) 
OS:                Linux

In much the same vein as bug #201777, this is a bug that could allow somebody to see your desktop behind the lock screen.

If KDE's Blur effect is enabled, and the lock screen is set to Blank Screen, then an unauthorized user at the computer can call up the unlock dialog, and cancel it (or simply let it time out) and there's a good chance that the desktop will become visible. The desktop image does not update, which leads me to believe that the "blank screen" window is still visible, but the Blur effect blitted the desktop onto it. This would explain why animated screensavers do not have this problem, as they will then clear and redraw the window themselves.

I haven't been able to reproduce this bug with either Blur disabled, or with any screen saver other than "Blank Screen" enabled. I am reporting this as a bug with the effect (rather than with the lock screen) because I don't think Blur should be affecting the blank screen in the first place.

Reproducible: Sometimes

Steps to Reproduce:
1. Enable compositing, the Blur effect, and the Blank Screen screensaver.
2. Lock the screen.
3. Move the mouse to call up the password dialog.
4. Click the cancel button (or wait for the password dialog to time out)

Actual Results:  
There's a good chance that a screenshot of the desktop will become partially or wholly visible.

Expected Results:  
The blank screen should have remained blank. The desktop should not have appeared.

Kubuntu 11.10 with the nVidia proprietary drivers.
Comment 1 Martin Flöser 2013-01-18 19:58:56 UTC
In 4.10 the blank screen saver is no longer used. There is a new fullscreen lock screen used instead. This would actually fix the bug, but unfortunately the blank screen is still around and a user can configure it. Nevertheless this is not recommended to use and considered as deprecated. So overall it's a worksforme as by default it's not used any more.
Comment 2 Thomas Lübking 2013-01-18 20:31:12 UTC
*** Bug 183496 has been marked as a duplicate of this bug. ***
Comment 3 Oliver Henshaw 2013-03-01 14:21:01 UTC
*** Bug 306940 has been marked as a duplicate of this bug. ***
Comment 4 Oliver Henshaw 2013-03-01 14:22:45 UTC
*** Bug 307799 has been marked as a duplicate of this bug. ***