This repository has been archived by the owner on Nov 4, 2021. It is now read-only.

Incomplete locking when run on Wayland #21

Closed
javixeneize opened this issue Feb 26, 2019 · 5 comments


@javixeneize

Hi

I have installed pyxtrlock on a Fedora laptop, and when executing it, the browser is displayed with the padlock and I can't do anything on it, great...

But if I hit any keyboard shortcut, or if I hit the activity bar with the mouse, I can still use the computer as normal. It looks like it only blocks the interaction of the keyboard with the browser.

Am I doing something wrong? Is there any config I need to apply?

Thanks

@leonnnn
Owner

leonnnn commented Feb 27, 2019

This sounds potentially worrying. Are you running on Wayland?

Our guess is that this could happen when pyxtrlock is run on Wayland through XWayland. XWayland probably doesn’t give us enough control to securely lock the screen, so there’s likely nothing we can do to fix this. pyxtrlock would have to be reimplemented as pywtrlock, targeting Wayland platforms.

We’ll update pyxtrlock to detect whether it’s running on Wayland and fail with an error message.

@javixeneize
Author

Yes, we are using Wayland. It makes a lot of sense :)

Is there any way of making it compatible with Wayland?

Thanks

@leonnnn leonnnn changed the title Padlock displayed but keyboard not blocked Incomplete locking when run on Wayland Mar 6, 2019
@leonnnn
Owner

leonnnn commented Mar 6, 2019

Unfortunately not, sorry. For Wayland, a similar screen locker would have to be implemented from scratch.

To avoid giving false security impressions, we’ve released pyxtrlock 0.4 with a patch that tries to detect non-X11 sessions and refuses to run if such a session is detected.

@javixeneize
Author

javixeneize commented Mar 6, 2019 via email

@leonnnn
Owner

leonnnn commented Mar 6, 2019

It’s not a vulnerability in Wayland, pyxtrlock just is not designed to lock a Wayland session. Pyxtrlock is purely designed to lock X11 sessions.

The CVE request is for pyxtrlock giving the false impression of securely locking the session, while input to non-X11 windows remains unlocked.
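
A sketch of the kind of session check discussed in this thread, added here as an example; it is not the pyxtrlock 0.4 patch, which this page does not show. It assumes the session can be identified from the `XDG_SESSION_TYPE`, `WAYLAND_DISPLAY` and `DISPLAY` environment variables, the name `check_x11_session` is hypothetical, and it fails closed when X11 cannot be positively confirmed.

```python
import os
import sys

# Only a session that positively reports "x11" is accepted (assumption of
# this example). Anything else, including "wayland", "tty" or no value at
# all, is refused so the locker never claims a lock it cannot enforce.
SAFE_SESSION_TYPES = {"x11"}


def check_x11_session(env):
    """Return (ok, reason) for a mapping of environment variables."""
    session_type = env.get("XDG_SESSION_TYPE", "").strip().lower()

    # A Wayland socket name in the environment means a compositor is
    # running, so DISPLAY most likely points at XWayland, where input to
    # non-X11 windows stays reachable.
    if env.get("WAYLAND_DISPLAY"):
        return False, "WAYLAND_DISPLAY is set; DISPLAY is probably XWayland"
    if session_type and session_type not in SAFE_SESSION_TYPES:
        return False, "XDG_SESSION_TYPE=%s is not an X11 session" % session_type
    if not env.get("DISPLAY"):
        return False, "DISPLAY is not set; no X server to lock"
    if not session_type:
        return False, "XDG_SESSION_TYPE is unset; cannot confirm X11"
    return True, "X11 session"


# Constructed sample environments (not captured from a real machine).
CONSTRUCTED_ENVS = [
    {"XDG_SESSION_TYPE": "x11", "DISPLAY": ":0"},
    {"XDG_SESSION_TYPE": "wayland", "WAYLAND_DISPLAY": "wayland-0",
     "DISPLAY": ":0"},
    {"DISPLAY": ":0"},
]

if __name__ == "__main__":
    for sample in CONSTRUCTED_ENVS:
        print(sample, "->", check_x11_session(sample))
    # The real decision: refuse to start unless X11 is confirmed.
    ok, reason = check_x11_session(os.environ)
    if not ok:
        sys.exit("refusing to lock: " + reason)
    print("session check passed: " + reason)
```

Failing closed has a cost: an X server started from a text console login can report a session type of `tty` and would be refused by this check.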
