Bug 201777

Summary: Lock Screen security hole with compositing enabled
Product: [Plasma] kwin Reporter: Benjamin Dietrich <summel>
Component: generalAssignee: KWin default assignee <kwin-bugs-null>
Status: RESOLVED DUPLICATE    
Severity: normal CC: aseigo
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Benjamin Dietrich 2009-07-28 15:39:27 UTC 
Version:            (using Devel)
OS:                Linux
Installed from:    Compiled sources

With compositing enabled, after locking the screen (and no screensaver is configured) and somebody moves the mouse there is a short time where the actual desktop is displayed after the screen gets dark again and asks for a password. If somebody would set up a camera and then move the mouse he could grab a screenshot...
Comment 1 Benjamin Dietrich 2009-07-28 15:43:40 UTC 
Configuring/selecting a screensaver actually does not solve the problem...
Comment 2 Martin Flöser 2009-07-29 09:00:47 UTC 
could you please try if this is related to bug #177495?
Comment 3 Thomas Lübking 2009-07-29 14:55:04 UTC 
just tested w/ and w/o UnredirectFullscreen=false - so yes, it is.

*** This bug has been marked as a duplicate of bug 177495 ***
Comment 4 Benjamin Dietrich 2009-07-29 15:47:14 UTC 
BUt i don't get flickering fullscreen applications on any of the 2 tested machines.....
Comment 5 Thomas Lübking 2009-07-29 16:50:13 UTC 
the flicker oly occurs when you open another window (dialog/popup) and thus the fullscreen window gets re-redirected (and re-undirected after the other window closed)

edit
"~/.kde/share/config/kwinrc" (it might be ~/.kde4/... on your distro)

find the section
[Compositing]

add a key
UnredirectFullscreen=false

reconfigure kwin (konsole)
qdbus org.kde.kwin /KWin reconfigure

test whether the screenlocker issue persists