226698 – Kscreensaver fails by pressing enter --> SECURITY BUG

Bug 226698 - Kscreensaver fails by pressing enter --> SECURITY BUG

Summary: Kscreensaver fails by pressing enter --> SECURITY BUG

Status:	RESOLVED DUPLICATE of bug 217882

Alias:	None

Product:	kscreensaver
Classification:	Miscellaneous
Component:	general (show other bugs)
Version:	unspecified
Platform:	Arch Linux Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	kscreensaver bugs tracking

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-02-13 17:21 UTC by Chuck
Modified:	2010-02-13 17:52 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Chuck 2010-02-13 17:21:54 UTC

Version:            (using KDE 4.4.0)
Compiler:          GCC 4.4.3 
OS:                Linux
Installed from:    Archlinux Packages

I saw this article related to Gnome's screenlock being broken: http://www.h-online.com/security/news/item/GNOME-screen-lock-ineffective-in-openSUSE-Linux-Update-928794.html

Using KDE 4.4 I can reproduce the same behavior.  Using several different screensavers, including the blank screen mode, and with compositing turned on or off it is possible to crash the screen-lock program simply by pressing enter.

Steps to reproduce:
  1. Lock the screen
  2. Press <enter> several times.  Pressing & holding is also effective.  The screen lock does not always fail immediately, but in less than a minute this bug is 100% reproducible and allows access to the desktop.
  3. Other keys may help crash it as well, but I only need to press enter to reproduce the bug.


Suggested Solution:
  Trap input events better so that the program cannot crash.  Institute a timer so that there is a delay between when the program will accept user input.

Comment 1 Pino Toscano 2010-02-13 17:52:53 UTC


*** This bug has been marked as a duplicate of bug 217882 ***