Bug 205798

Summary: Evil cats cause DoS sleeping on keyboard while KDE is on screensaver
Product: [Plasma] krunner
Component: general
Status: RESOLVED DUPLICATE
Severity: normal
Priority: NOR
Version First Reported In: unspecified
Target Milestone: ---
Platform: Ubuntu
OS: Linux
Reporter: Jonathan Thomas <echidnaman>
Assignee: Plasma Bugs List <plasma-bugs-null>
CC: dominik.tritscher, wilderkde
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Description Jonathan Thomas 2009-08-31 16:00:05 UTC
Version:            (using KDE 4.3.0)
OS:                Linux
Installed from:    Ubuntu Packages

Forwarded from https://launchpad.net/bugs/376253

Original report:
"If the KDE Desktop is allowed to blank the screen and lock itself, and an object (usually a cat, but occasionally a malicious attacker) then rests on the keyboard causing the password prompt to appear, the password entry routine will hang once sufficient key repeats have happened.

The user cannot then unlock the KDE desktop.

As a temporary fix I have SSH'd into colleagues' machines and killed the krunner_lock process.

This was noted on current Jaunty 9.04 installations with both USB and internal laptop keyboards.

Technically this may be considered a security issue as it bears all the hallmarks of a DoS attack."

[My comments] It probably is barely only a security issue at all, but krunner_lock should probably not hang if too many characters are typed. There's also a duplicate at the Launchpad bug, so this probably is a valid issue. Plus we must protect ourselves from our future cat overlords ;-)
Comment 1 Dominik Tritscher 2009-09-18 18:07:46 UTC
I can confirm this issue, testing with KDE 4.3.1 from Kubuntu packages. After around 5 min of entering characters (couldn't find a cat, had to use something else ;) kscreenlocker was causing some 80% CPU load. After I stopped entering characters, the CPU load didn't go down again.
Comment 2 Jacopo De Simoi 2010-01-09 13:06:25 UTC

*** This bug has been marked as a duplicate of bug 202981 ***