Version: (using KDE 4.3.0) OS: Linux Installed from: Ubuntu Packages Forwarded from https://launchpad.net/bugs/376253 Original report: "If the KDE Desktop is allowed to blank the screen and lock itself, and an object (usually a cat, but occasionally a malicious attacker) then rests on the keyboard causing the password prompt to appear, the password entry routine will hang once sufficient key repeats have happened. The user cannot then unlock the KDE desktop. As a temporary fix I have SSH'd into colleagues machines and killed the krunner_lock process. This was noted on current Jaunty 9.04 installations with both USB and internal laptop keyboards. Technically this may be considered a security issue as it bears all the hallmarks of a DoS attack." [My comments] It probably is barely only a security issue at all, but krunner_lock should probably not hang if too many characters are typed. There's also a duplicate at the Launchpad bug, so this probably is a valid issue. Plus we must protect ourselves from our future cat overlords ;-)
I can confirm this issue, testing with KDE 4.3.1 from kubuntu packages. After around 5min entering characters (couldn't found a cat, had to use something else ;) kscreenlocker was causing some 80% CPU load. After I stopped entering characters, the CPU load doesn't went down again.
*** This bug has been marked as a duplicate of bug 202981 ***