Public bug reported: [Impact] When the screen is locked, connecting an external monitor causes the lock screen to appear on the new monitor, but not on the existing monitor, revealing the contents of the desktop contents of that monitor. A potential attacker can see the contents, but not interact with them without unlocking the system.
[Test Case] Use Ubuntu 20.04 with the Regolith desktop environment. gnome-flashback version: 3.36.3-0ubuntu1 Lock screen, attach second monitor. This behavior has been observed by myself in the Regolith desktop environment (uses i3), where it shows one of the i3 workspaces. There may also be other desktop environments affected. Expected behavior is obviously the contents of the desktop should remain hidden. [Regression Potential] Unknown. However, the patch seems trivial and specific for this issue. [Other Info] Original Regolith bug report: https://github.com/regolith-linux/regolith-desktop/issues/455 Upstream gnome-flashback has a fix, see this commit: https://gitlab.gnome.org/GNOME/gnome-flashback/-/commit/cdc534a3b0f4abe4e02a5397466ae094ee3d7fdc I tested this fix myself (single patch on top of the current gnome-flashback Ubuntu sources) and it solves the issue for me, see discussion on Github. ** Affects: gnome-flashback (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1891855 Title: Connecting external monitor while screen is locked reveals desktop To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-flashback/+bug/1891855/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs