[Security] Locker can be bypassed in multi-screen layouts #158

Closed
phocean opened this issue Jun 5, 2018 · 5 comments

@phocean phocean commented Jun 5, 2018

Expected behaviour

The locker is a critical component of the computer's security that should not be bypassed in any way.

The screen should remain locked, whatever hardware event may occur.

Actual behaviour

Once in a few times, the screen would be unrevealed.

In that case, keyboard entries are ignored, but the mouse can operate at will.
The GUI can be controlled for a few seconds; it seems that there is a timer (~ 15 seconds) until mate-screensaver can lock it back.

I suggest a fix or the possibility for the user to use an alternative and more robust solution.
XFCE somehow offers that, as it looks for several lockers subsequently (including xscreensaver, slock, dm locker, etc.).

Steps to reproduce the behaviour

  1. Lock the session
  2. Plug an external monitor in and out a few times. The issue appears to be more frequent in layouts with two external screens (HDMI + Dual port).
  3. Once in a few times, the screen would be unrevealed.

In that case, keyboard entries are ignored, but the mouse can operate at will.
The GUI can be controlled for a few seconds; it seems that there is a timer (~ 15 seconds) until mate-screensaver can lock it back.

MATE general version

MATE 1.20.1

Package version

mate-screensaver 1.20.0

Linux Distribution

Ubuntu 18.04 LTS 64-bit

@phocean phocean (Author) commented Jun 5, 2018

My xrandr layout, in case it helps.

xrandr.txt

@sehucke sehucke commented Sep 8, 2018

This seems to be a major security issue.

See https://forums.linuxmint.com/viewtopic.php?f=206&t=273611&p=1499700

@raveit65 raveit65 (Member) commented Sep 8, 2018

1.20.2 is released.

@raveit65 raveit65 closed this Sep 8, 2018

@jeenuv jeenuv commented Sep 9, 2018

Any idea when the 1.20.2 is going to reach the repositories, or whom to ping? I'm on Mint 19 (Tara); the latest it's got is 1.20.0-1.

@raveit65 raveit65 (Member) commented Sep 9, 2018

> Any idea when the 1.20.2 is going to reach the repositories, or whom to ping? I'm on Mint 19 (Tara); the latest it's got is 1.20.0-1.

You need to ask your maintainer from linuxmint about it; we are only upstream.
