[Bug 1264821] [NEW] kscreenlock_greet insecure with multiple X screens

TJ ubuntu at iam.tj
Sun Dec 29 12:11:41 UTC 2013 

Public bug reported:

When using multiple X screens (3 in this case), kscreenlocker-greet
behaves very badly and insecurely.

It appears to be drawing the desktop background image/screensaver images
for all three X screens to the primary screen (0) and doesn't
blank/screensave the monitors belonging to screens 1 and 2 (which leaves
their contents in view), and it displays 2, maybe 3 greeter dialogs (1
may be hidden) on the primary X screen, but only accepts typed password
input in 1 of them (the primary X screen's dialog).

Reading the source-code at

ksmserver/screenlocker/greeter/greeterapp.cpp::UnlockApp::desktopResized()

it appears to iterate the screens via desktop()->screenCount() but
assumes there is only one X display when showing the ScreenSaverWindow.

There may be an underlying dependencies on the QT libraries that
cause/affect this but someone familiar with the code would need to
investigate it.

** Affects: kde-workspace (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

  When using multiple X screens (3 in this case), kscreenlocker-greet
  behaves very badly and insecurely.
  
  It appears to be drawing the desktop background image/screensaver images
  for all three X screens to the primary screen (0) and doesn't
  blank/screensave the monitors belonging to screens 1 and 2 (which leaves
  their contents in view), and it displays 2, maybe 3 greeter dialogs (1
  may be hidden) on the primary X screen, but only accepts typed password
  input in 1 of them (the primary X screen's dialog).
  
- Reading the source-code at ksmserver/screenlocker/greeter/
- UnlockApp::desktopResized() it appears to iterate the screens via
- desktop()->screenCount() but assumes there is only one X display when
- showing the ScreenSaverWindow.
+ Reading the source-code at
+ 
+ ksmserver/screenlocker/greeter/greeterapp.cpp::UnlockApp::desktopResized()
+ 
+ it appears to iterate the screens via desktop()->screenCount() but
+ assumes there is only one X display when showing the ScreenSaverWindow.
  
  There may be an underlying dependencies on the QT libraries that
  cause/affect this but someone familiar with the code would need to
  investigate it.

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kde-workspace in Ubuntu.
https://bugs.launchpad.net/bugs/1264821

Title:
  kscreenlock_greet insecure with multiple X screens

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kde-workspace/+bug/1264821/+subscriptions

More information about the kubuntu-bugs mailing list