125318 – security bug in timed login with lock - locking fails when changing to the console

Bug 125318 - security bug in timed login with lock - locking fails when changing to the console

Summary: security bug in timed login with lock - locking fails when changing to the co...

Status:	RESOLVED NOT A BUG

Alias:	None

Product:	kscreensaver
Classification:	Miscellaneous
Component:	general (show other bugs)
Version:	unspecified
Platform:	Gentoo Packages Linux

Importance:	NOR major
Target Milestone:	---
Assignee:	kscreensaver bugs tracking

URL:
Keywords:

Duplicates (2):	141540 143343 (view as bug list)
Depends on:
Blocks:

Reported:	2006-04-10 23:05 UTC by Kevin Goeser
Modified:	2008-05-19 17:59 UTC (History)
CC List:	4 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Kevin Goeser 2006-04-10 23:05:53 UTC

Version:            (using KDE KDE 3.5.2)
Installed from:    Gentoo Packages
Compiler:          gcc-3.4.5 
OS:                Linux

I enabled the auto login with locking the screen. When I change to the console while the auto login countdown is running, the locking of the screen fails! Changing back to X, lets me use KDE w/o a need of a password...

Also tested on debian/etch with kde 3.5.1.

Comment 1 Kevin Goeser 2007-01-18 21:04:22 UTC

The KDM auto login situation is acutally getting worse:
- pressing Escape doesn't cancel the auto login any more
- pressing Tab cancels the autologin - but just for let's say 15secs
- the lock-on-auto-login feature is still useless, due to the bug described above.

KDE 3.5.5 - gentoo as well as debian/etch

If this is not fixable - I suggest removing the feature completely, it just pretends some security which hardly exists.

Comment 2 Oswald Buddenhagen 2007-02-11 16:14:10 UTC

*** Bug 141540 has been marked as a duplicate of this bug. ***

Comment 3 Oswald Buddenhagen 2007-04-11 13:57:30 UTC

confirmed. the key is most probably this:
  kdesktop: WARNING: LockProcess::startSaver() grabInput() failed!!!!
as a "special feature", the session does not accept keyboard input (the x server's alt-ctrl-combos still work, though).
lubos?

re comment #1: the situation is not getting worse, but new features are added. if you don't want the persisting auto-login, turn it off. it's off by default, btw. ;)

Comment 4 Oswald Buddenhagen 2007-04-11 17:41:37 UTC

btw, the "keyboard gone" problem seems to be unrelated to the locking failure, but clearly has the same trigger - see bug #143343.

Comment 5 Lubos Lunak 2007-05-15 16:12:23 UTC

*** Bug 143343 has been marked as a duplicate of this bug. ***

Comment 6 Lubos Lunak 2007-05-15 16:31:37 UTC

Either X or KDM bug, depending on how much KDM does. Neither keyboard nor locking works because something has keyboard grab or at least X thinks so (running a testapp which tries to call XGrabKeyboard() returns AlreadyGrabbed).

Grepping in KDM sources show some XGrabKeyboard() calls but no matching XUnrabKeyboard() calls, so I suggest you check that and either fix it, otherwise this is X bug and nothing we could do about it.

Comment 7 Oswald Buddenhagen 2007-05-15 16:37:29 UTC

well, the greeter simply terminates - that should release any grabs it holds, no? also, this wouldn't explain why it happens only when the display isn't on the current vt.

Comment 8 Oswald Buddenhagen 2007-12-22 08:50:33 UTC

closing as invalid, as this isn't kde's fault after all.
i reported this to xorg at http://bugs.freedesktop.org/show_bug.cgi?id=13675 , but now i can't reproduce it myself any more, so it must have been fixed meanwhile. comment there if you have something substantial to add.

Comment 9 Kevin Goeser 2007-12-22 12:18:30 UTC

Thanks for looking at it - and sorry for blaming the wrong guys ;) Happy Christmas!