Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Incomplete locking when run on Wayland #21

Closed
javixeneize opened this issue Feb 26, 2019 · 5 comments

Comments

Projects
None yet
2 participants
@javixeneize
Copy link

commented Feb 26, 2019

Hi

I have installed pyxtrlock in a fedora laptop, and, when executing it, the browser is displayed with the padlock and i cant do anything on it, great...

But, if i hit any keyboard shortcut, or if i hit the activity bar with the mouse, i can still use the computer as normal. It looks like it only blocks the interaction of the keyboard with the browser

Am i doing something wrong? Is there any config i need to apply?

Thanks

@leonnnn

This comment has been minimized.

Copy link
Owner

commented Feb 27, 2019

This sounds potentially worrying. Are you running on Wayland?

Our guess is that this could happen when pyxtrlock is run on Wayland through XWayland. XWayland probably doesn’t give us enough control to securely lock the screen, so there’s likely nothing we can do to fix this. pyxtrlock would have to be reimplemented as pywtrlock, targetting Wayland platforms.

We’ll update pyxtrlock to detect whether it’s running on Wayland and fail with an error message.

@javixeneize

This comment has been minimized.

Copy link
Author

commented Feb 27, 2019

Yes, we are using Wayland. It makes a lot of sense :)

Is there any way of making it compatible with Wayland?

Thanks

@leonnnn leonnnn changed the title Padlock displayed but keyboard not blocked Incomplete locking when run on Wayland Mar 6, 2019

@leonnnn leonnnn closed this in #22 Mar 6, 2019

@leonnnn

This comment has been minimized.

Copy link
Owner

commented Mar 6, 2019

Unfortunately not, sorry. For wayland, a similar screen locker would have to be implemented from scratch.

To avoid giving false security impressions, we’ve released pyxtrlock 0.4 with a patch that tries to detect non-X11 sessions and refuses to run if such a session is detected.

@javixeneize

This comment has been minimized.

Copy link
Author

commented Mar 6, 2019

@leonnnn

This comment has been minimized.

Copy link
Owner

commented Mar 6, 2019

It’s not a vulnerability in Wayland, pyxtrlock just is not designed to lock a wayland session. Pyxtrlock is purely designed to lock X11 sessions.

The CVE request is for pyxtrlock giving the false impression to securely lock the session, while input to non-X11 windows remains unlocked.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.