New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mate-screensaver does not maintain user lockout / screen lock under certain conditions #152
Comments
|
v1.20.0 happily unlocks the screensaver when I turn my monitor off and on. Here what happens when I turn off/on. ... |
|
@Safari77 , the log is unreadable in the GUI, attach it instead. |
|
sorry, wrong issue. |
|
@joakim-tjernlund select-all and |
|
no, I menat YOUR logs |
|
@joakim-tjernlund Me too |
|
In an attachment, I noted after adding my own logs quite some time ago, that reading these |
|
1.20.2 is released. |
|
This is CVE-2018-20681 |
Expected behaviour
mate-screensaver should keep the user's session locked until valid authentication has taken place (password entered, etc.)
Actual behaviour & steps to reproduce the behaviour
Do the following:
3.a. Bump the mouse or type a key on the keyboard before the displays have either been placed into power save mode or put to sleep:
< MATE presents the password prompt and the user's windows remain hidden until the password has been correctly entered. >
3.b. Bump the mouse or type a key on the keyboard after the displays have been put into power save mode, but before they have been put to sleep:
< MATE presents the unlock with password prompt, but displays (doesn't hide) the windows of your desktop. You cannot interact with the applications or windows until the password has been correctly entered, but the content is plainly visible as described by other users in this bug. >
3.c. Bump the mouse to type a key on the keyboard after the displays have been put to sleep:
< MATE blanks one display where the password dialog box would have been, the other is available for interaction WITHOUT having entered in the correct password. New applications can be launched, all applications may be used with the same privilege level of the user who had previously logged in and believed that their desktop was locked. >
MATE general version
1.19.3
Package version
Linux Distribution
Fedora 27
Link to downstream report of your Distribution
I may have to open a new bug with Fedora / RH since I didn't open this one originally --> https://bugzilla.redhat.com/show_bug.cgi?id=1397900
The text was updated successfully, but these errors were encountered: