Public bug reported: Binary package hint: gnome-screensaver
By going to any of the ttys it is possible to terminate gnome- screensaver and gain access to the machine. Although ttys themselves are protected with passwords, these can be left unlocked accidentally, and running "killall gnome-screensaver" we can get rid of the dialog and gain full access to the computer. What I suggest is: A) Protect ttys after locking; also lock them with a password, or; B) Protect the process so that it requires sudo privileges to kill, like mysql/apache, or; C) Make sure some parent process which can't be terminated can pop up the gnome-screensaver when it is killed. Said process cannot be terminated, like suggestion A. I am typing this on my laptop which I just defeated using the aforementioned technique. ** Affects: gnome-screensaver (Ubuntu) Importance: Undecided Status: New ** Description changed: Binary package hint: gnome-screensaver By going to any of the ttys it is possible to terminate gnome- screensaver and gain access to the machine. Although ttys themselves are protected with passwords, these can be left unlocked accidentally, and running "killall gnome-screensaver" we can get rid of the dialog and gain full access to the computer. What I suggest is: A) Protect ttys after locking; also lock them with a password, or; B) Protect the process so that it requires sudo privileges to kill, like mysql/apache, or; - C) Make sure some parent process which can't be terminated can pop up the gnome-screensaver when called. + C) Make sure some parent process which can't be terminated can pop up the gnome-screensaver when it is killed. Said process cannot be terminated, like suggestion A. I am typing this on my laptop which I just defeated using the aforementioned technique. -- Ability to kill gnome-screensaver makes it easy to defeat the lock screen dialog https://bugs.launchpad.net/bugs/303637 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-screensaver in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs