Bug 246623 - Screensaver "require password to stop" setting does not hide desktop when password entry dialog is displayed.
Summary: Screensaver "require password to stop" setting does not hide desktop when pas...
Alias: None
Product: kscreensaver
Classification: Miscellaneous
Component: locker (show other bugs)
Version: 0.2
Platform: Ubuntu Linux
: NOR normal
Target Milestone: ---
Assignee: kscreensaver bugs tracking
: 249417 270957 (view as bug list)
Depends on:
Reported: 2010-08-03 17:57 UTC by art alexion
Modified: 2013-04-10 18:04 UTC (History)
11 users (show)

See Also:
Latest Commit:
Version Fixed In: 4.10


Note You need to log in before you can comment on or make changes to this bug.
Description art alexion 2010-08-03 17:57:45 UTC
Version:           0.2 (using KDE 4.4.2) 
OS:                Linux

This is a security setting.  The expected behavior is that an unauthorized person will not be able to view the desktop if the password isn't entered.  With the current behavior, the desktop is revealed; interaction is prevented, but private information open is revealed.

Reproducible: Always

Steps to Reproduce:
Go to system settings>Desktop>Screen Saver.  Activate the screensaver.  Check the box "Require password to stop".  Activate screen saver.  move mouse or tap keyboard to stop screensaver.  Desktop is revealed, and password entry box becomes modal over the system.

This happens with blank screen screensaver.  Others not tested.

Actual Results:  
The behavior revealing the screen, even before the password is entered, makes this of limited security value.

Expected Results:  
That some other visual obscures the screen.  For example, Gnome continues to show only a blank screen and the password entry dialog.  Windows shows some variation of the login screen. 

OS: Linux (x86_64) release 2.6.32-24-generic
Compiler: cc

I think this is a security bug.
Comment 1 Oswald Buddenhagen 2010-10-23 23:47:42 UTC
i think bug 183496 comment 8 describes the same problem. like bug 183496 itself, it is possibly also related to compositing (please try disabling it and report back), but is a different issue as such (x server/driver bugs have been suggested - what graphics card + driver are you using?).
Comment 2 Oswald Buddenhagen 2010-10-23 23:49:52 UTC
*** Bug 249417 has been marked as a duplicate of this bug. ***
Comment 3 art alexion 2010-10-24 01:13:25 UTC
I upgraded to Kubuntu 10.10 and no longer see this behavior.
Comment 4 Maarten Bezemer 2011-04-16 15:44:11 UTC
I can confirm this behavior.
I happens frequently (not always), I do not know what triggers this behavior...

When I leave my office at work I just the lid of my laptop in order to lock the session, Sometimes when I come back I can see my entire desktop before logging into the locked session.

Running Kubuntu 10.10 / KDE 5.4.1
Using an ATI video card with fglrx package version 2:8.780
Comment 5 Maarten Bezemer 2011-04-16 15:46:43 UTC
LP #474654 https://bugs.launchpad.net/kdebase/+bug/474654
Comment 6 Oswald Buddenhagen 2011-06-02 16:32:20 UTC
*** Bug 270957 has been marked as a duplicate of this bug. ***
Comment 7 art alexion 2012-01-06 12:40:42 UTC
There seems to be a regression with Kubuntu 11.10/KDE 4.7
Comment 8 Kevin Kofler 2012-06-30 20:53:28 UTC
Also reported in Fedora as https://bugzilla.redhat.com/show_bug.cgi?id=677345 .
Comment 9 auxsvr 2012-10-19 22:08:48 UTC
Apart from this, occasionally the password box remains visible after unlocking on 4.9.2. One way to make it disappear is to disable compositing.
Comment 10 Mathias 2013-01-04 12:03:32 UTC
it still occurs here (KDE 4.9.3) that from time to time the desktop becomes visible when the computer resumes from suspend or screensaver and asks for the password.
(quite like bug 183496: https://bugs.kde.org/show_bug.cgi?id=183496, but that one is only about showing the desktop for a fracture of a second)
condition: desktop effects activated
Comment 11 Stephan Diestelhorst 2013-01-29 23:26:55 UTC
I can confirm both oddities mentioned here:
* screen visible upon unlock
* password box remains on screen after unlock

Both issues go away when disabling compositing.  

This is

[   187.843] (II) AMD Proprietary Linux Driver Version Identifier:9.00.2
[   187.843] (II) AMD Proprietary Linux Driver Release Identifier: 9.002                                
[   187.844] (II) AMD Proprietary Linux Driver Build Date: Sep 28 2012 15:32:36
[   189.301] (--) fglrx(0): Chipset: "AMD Radeon HD 6310 Graphics" (Chipset = 0x9802)
[   189.301] (--) fglrx(0): (PciSubVendor = 0x17aa, PciSubDevice = 0x21df)

a AMD E-350 APU (Brazos).

KDE is at 4.9.5, a Kubuntu 12.04.1 LTS system, Kwin is also at 4.9.5.
Comment 12 Mathias 2013-04-02 12:27:53 UTC
for me this is fixed with 4.10, there has been a new implementation of the lock screen. no disclosure of desktop anymore. thanks, KDE guys.
Comment 13 Oliver Henshaw 2013-04-10 18:04:05 UTC
The new screen locker should indeed resolve this; if you still see a problem in 4.10, please file a new bug.