329375 2013-12-29 17:30:58 +0000 kscreenlock_greet insecure with multiple X screens 2015-01-23 11:51:41 +0000 1 1 10 Unmaintained kscreensaver locker-qml 4.11.4 Ubuntu Linux RESOLVED DUPLICATE 314073 https://bugs.launchpad.net/ubuntu/+source/kde-workspace/+bug/1264821 NOR major --- 0 kde plasma-bugs-null mgraesslin trebor_x 0 oldest_to_newest 1421382 0 kde 2013-12-29 17:30:58 +0000 When using multiple X screens (3 in this case), kscreenlocker-greet behaves very badly and insecurely. It appears to be drawing the desktop background image/screensaver images for all three X screens to the primary screen (0) and doesn't blank/screensave the monitors belonging to screens 1 and 2 (which leaves their contents in view), and it displays 2, maybe 3 greeter dialogs (1 may be hidden) on the primary X screen, but only accepts typed password input in 1 of them (the primary X screen's dialog). Reading the source-code at ksmserver/screenlocker/greeter/greeterapp.cpp::UnlockApp::desktopResized() it appears to iterate the screens via desktop()->screenCount() but assumes there is only one X display when showing the ScreenSaverWindow. Reproducible: Always Steps to Reproduce: 1. Configure multiple X screens 2. Lock Actual Results: All background images and screensavers are drawn to X screen 0 Expected Results: Each background image and screensaver should be rendered on the correct X screen I'm testing a possible fix which passes display()->screen(i) to the QDeclarativeView constructor. Photographs of the screens are attached to the referenced Ubuntu bug report #1264821. 1421908 1 84383 kde 2013-12-31 18:12:34 +0000 Created attachment 84383 Render background and greeter on correct X screen This patch is for version up to 4.11.4. The re-factoring for Plasma 2 needs a little more research since it replaces QDeclarativeView with a QQuickView, but the same solution (passing QApplication->display()->screen(i)v) looks to be doable if the QWidget is exchangeable for the QWindow in the QQuickView constructor. 1422403 2 mgraesslin 2014-01-03 10:10:18 +0000 are you really using multiple X screens like :0.0 and :0.1? 1422490 3 kde 2014-01-03 17:33:40 +0000 Don't forget :0.2! 1422496 4 mgraesslin 2014-01-03 17:49:16 +0000 ok, so it is multi-head. This is a very uncommon setup and I doubt any developer is able to test and verify the patch. From a quick look at the patch looks wrong to me, because you use "i" as an index in QDesktopWindow::screen(). This looks crashy to me and potentially wrong. In fact in your case I expect that it's always just 0. There should be three processes with one screen each. While on a more regular setup there is just one process with three screens attached. 1493465 5 mgraesslin 2015-01-23 11:51:41 +0000 *** This bug has been marked as a duplicate of bug 314073 *** 84383 2013-12-31 18:12:34 +0000 2013-12-31 18:12:34 +0000 Render background and greeter on correct X screen greeterapp.diff text/plain 932 kde LS0tIGtzbXNlcnZlci9zY3JlZW5sb2NrZXIvZ3JlZXRlci9ncmVldGVyYXBwLmNwcAkyMDEzLTEy LTMxIDE1OjE0OjMyLjMzNDQ1NjQ2MSArMDAwMAorKysgLi4va2RlLXdvcmtzcGFjZS00LjEwLjUv a3Ntc2VydmVyL3NjcmVlbmxvY2tlci9ncmVldGVyL2dyZWV0ZXJhcHAuY3BwCTIwMTMtMTItMjkg MTQ6MzQ6MDkuMDgxMzc5ODgwICswMDAwCkBAIC0xNDIsOCArMTQyLDggQEAKICAgICBjb25zdCBi b29sIGNhbkxvZ291dCA9IEtBdXRob3JpemVkOjphdXRob3JpemVLQWN0aW9uKCJsb2dvdXQiKSAm JiBLQXV0aG9yaXplZDo6YXV0aG9yaXplKCJsb2dvdXQiKTsKICAgICBjb25zdCBRU2V0PFNvbGlk OjpQb3dlck1hbmFnZW1lbnQ6OlNsZWVwU3RhdGU+IHNwZE1ldGhvZHMgPSBTb2xpZDo6UG93ZXJN YW5hZ2VtZW50OjpzdXBwb3J0ZWRTbGVlcFN0YXRlcygpOwogICAgIGZvciAoaW50IGkgPSBtX3Zp ZXdzLmNvdW50KCk7IGkgPCBuU2NyZWVuczsgKytpKSB7Ci0gICAgICAgIC8vIGNyZWF0ZSB0aGUg dmlldwotICAgICAgICBRRGVjbGFyYXRpdmVWaWV3ICp2aWV3ID0gbmV3IFFEZWNsYXJhdGl2ZVZp ZXcoKTsKKyAgICAgICAgLy8gY3JlYXRlIHRoZSB2aWV3LCBzZXR0aW5nIHBhcmVudCB0byB0aGUg Y29ycmVjdCBYIHNjcmVlbgorICAgICAgICBRRGVjbGFyYXRpdmVWaWV3ICp2aWV3ID0gbmV3IFFE ZWNsYXJhdGl2ZVZpZXcoZGVza3RvcCgpLT5zY3JlZW4oaSkpOwogICAgICAgICBjb25uZWN0KHZp ZXcsIFNJR05BTChzdGF0dXNDaGFuZ2VkKFFEZWNsYXJhdGl2ZVZpZXc6OlN0YXR1cykpLAogICAg ICAgICAgICAgICAgIHRoaXMsIFNMT1Qodmlld1N0YXR1c0NoYW5nZWQoUURlY2xhcmF0aXZlVmll dzo6U3RhdHVzKSkpOwogICAgICAgICB2aWV3LT5zZXRXaW5kb3dGbGFncyhRdDo6WDExQnlwYXNz V2luZG93TWFuYWdlckhpbnQpOwo=