Bug 201777 - Lock Screen security hole with compositing enabled
Summary: Lock Screen security hole with compositing enabled
Status: RESOLVED DUPLICATE of bug 177495
Alias: None
Product: kwin
Classification: Plasma
Component: general (show other bugs)
Version: unspecified
Platform: Compiled Sources Linux
: NOR normal (vote)
Target Milestone: ---
Assignee: KWin default assignee
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-07-28 15:39 UTC by Benjamin Dietrich
Modified: 2009-07-29 16:50 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Benjamin Dietrich 2009-07-28 15:39:27 UTC
Version:            (using Devel)
OS:                Linux
Installed from:    Compiled sources

With compositing enabled, after locking the screen (and no screensaver is configured) and somebody moves the mouse there is a short time where the actual desktop is displayed after the screen gets dark again and asks for a password. If somebody would set up a camera and then move the mouse he could grab a screenshot...
Comment 1 Benjamin Dietrich 2009-07-28 15:43:40 UTC
Configuring/selecting a screensaver actually does not solve the problem...
Comment 2 Martin Flöser 2009-07-29 09:00:47 UTC
could you please try if this is related to bug #177495?
Comment 3 Thomas Lübking 2009-07-29 14:55:04 UTC
just tested w/ and w/o UnredirectFullscreen=false - so yes, it is.

*** This bug has been marked as a duplicate of bug 177495 ***
Comment 4 Benjamin Dietrich 2009-07-29 15:47:14 UTC
BUt i don't get flickering fullscreen applications on any of the 2 tested machines.....
Comment 5 Thomas Lübking 2009-07-29 16:50:13 UTC
the flicker oly occurs when you open another window (dialog/popup) and thus the fullscreen window gets re-redirected (and re-undirected after the other window closed)

edit
"~/.kde/share/config/kwinrc" (it might be ~/.kde4/... on your distro)

find the section
[Compositing]

add a key
UnredirectFullscreen=false

reconfigure kwin (konsole)
qdbus org.kde.kwin /KWin reconfigure

test whether the screenlocker issue persists