[Bug 394691] Re: Security hole in screensaver! Exposes screen/desktop image even if screen is LOCKED. nvidia, intel gfx; Old bug.

2009-12-17 Thread Sense Hofstede 
Thank you for helping with making Ubuntu better by reporting this bug.
The reason this bug didn't get a lot of attention is probably because it
was reported without a package. It is most likely an issue in GNOME
Screensaver, so I'm assigning it to that package to make sure the right
people can find the bug.

I can't confirm this myself, my graphics card is an nVidia as well.
Is there anything specific to your installation that could cause this? I would 
also like to know if you could provide any other information regarding the 
cause of the bug and the method for reproducing this bug on other systems.

It doesn't seem likely to me, but could it in any way be related to the
following bug reported against GNOME:
?

I'm unassigning you because it has been more than a month since you've
assigned yourself to this bug. Please don't let this prevent you from
contributing solutions.

** Bug watch added: GNOME Bug Tracker #593616
   https://bugzilla.gnome.org/show_bug.cgi?id=593616

** Package changed: ubuntu => gnome-screensaver (Ubuntu)

** Changed in: gnome-screensaver (Ubuntu)
   Status: Confirmed => Incomplete

** Changed in: gnome-screensaver (Ubuntu)
 Assignee: LimCore (limcore) => (unassigned)

** Summary changed:

- Security hole in screensaver! Exposes screen/desktop image even if screen is 
LOCKED. nvidia, intel gfx; Old bug.
+ parts of desktop visible when screen is locked (nvidia, intel)

-- 
parts of desktop visible when screen is locked (nvidia, intel)
https://bugs.launchpad.net/bugs/394691
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 394691] Re: Security hole in screensaver! Exposes screen/desktop image even if screen is LOCKED. nvidia, intel gfx; Old bug.

2009-11-08 Thread LimCore 
Ok I will try to resolve this problem  (but fell free to apply a fix if
you have it ready)

** Changed in: ubuntu
 Assignee: (unassigned) => LimCore (limcore)

-- 
Security hole in screensaver! Exposes screen/desktop image even if screen is 
LOCKED. nvidia, intel gfx; Old bug.
https://bugs.launchpad.net/bugs/394691
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 394691] Re: Security hole in screensaver! Exposes screen/desktop image even if screen is LOCKED. nvidia, intel gfx; Old bug.

2009-11-08 Thread LimCore 
So... can we just put there code to always at each occasion clear entire
background with a big rectangle?

Or is there some reason to keep this security bug around?

Local access = silent access to see part of content of screen before
lock.

-- 
Security hole in screensaver! Exposes screen/desktop image even if screen is 
LOCKED. nvidia, intel gfx; Old bug.
https://bugs.launchpad.net/bugs/394691
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 394691] Re: Security hole in screensaver! Exposes screen/desktop image even if screen is LOCKED. nvidia, intel gfx; Old bug.

2009-10-25 Thread LimCore 
Confirmed on 2 laptops and 3 pc's.  All laptops where using LVDS+VGA and 
switching resolutions;
Or PCs where using 2 desktop users VT7, VT9, starting full screen programs, 
switching between the desktops and resolutions.

** Changed in: ubuntu
   Status: Incomplete => Confirmed

-- 
Security hole in screensaver! Exposes screen/desktop image even if screen is 
LOCKED. nvidia, intel gfx; Old bug.
https://bugs.launchpad.net/bugs/394691
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 394691] Re: Security hole in screensaver! Exposes screen/desktop image even if screen is LOCKED. nvidia, intel gfx; Old bug.

2009-10-25 Thread LimCore 
It happens on nividias (tested afair something like 5200fx, 7200? and
gts 220?), it also happens on intels (various i945-like).

To trigger it:
1. Wait until screen saver starts (the default black one)
2. Move mouse, you will see that the black rectangle covers only PART of the 
screen (from 0,0 top-left, to some other point)

This happens sometimes, it seems that it helps if:
1. you are using few VTs, like VT-7, VT-9 - login as second desktop user at 
same time (switch user)
2. you are changing video resolutions (start some fullscreen program, best a 3d 
game and switch resolutions a bit)
3. it also helps a lot if you use 2 outputs like LVDS + VGA on linux (then, on 
intell, it happens very often).

If it doesnt happen then try again later. 
It happens around 1 per few days of using (switching desktops/resolutions few 
times a day)
It happens more often afair on the dual headed laptops (2 displays different 
resolution)

In either way,  there should be some naive code like I written previously,  
with rectangle drawing or something right?
So just change it to always draw a HUGE rectangle, because the problem 
apparently is because screen saver has the wrong (old, smaller) dimensions of 
the screen remembered!

Just make it draw huge rect and done.


Or better, why is so naive implementation used,  there should be something 
dedicated in X server, like stoping rendering of all other windows or something 
 (in example, the clock keeps running / refreshing if it "sticks out" from the 
too-small black rectangle of screensaver. Why it refreshes at all?!)

-- 
Security hole in screensaver! Exposes screen/desktop image even if screen is 
LOCKED. nvidia, intel gfx; Old bug.
https://bugs.launchpad.net/bugs/394691
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 394691] Re: Security hole in screensaver! Exposes screen/desktop image even if screen is LOCKED. nvidia, intel gfx; Old bug.

2009-10-24 Thread Marc Deslauriers 
It would help if we could reproduce the issue.

Could you please give detailed steps, including which game and graphics
modes that are needed to reproduce this?


** Changed in: ubuntu
   Status: Confirmed => Incomplete

-- 
Security hole in screensaver! Exposes screen/desktop image even if screen is 
LOCKED. nvidia, intel gfx; Old bug.
https://bugs.launchpad.net/bugs/394691
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 394691] Re: Security hole in screensaver! Exposes screen/desktop image even if screen is LOCKED. nvidia, intel gfx; Old bug.

2009-10-24 Thread LimCore 
This happens still.

Exploit in damn screensaver is known for at least 3 months (I also seen
and probably reported, as did others, such problems year+ ago).

Is there some contest for longest-unpatched-exploit?

While it is fun to be able to access co'workers / students / family
members / etc  LOCKED desktop to see what was on the screen, I guess
this should be fixed. Or not?

-- 
Security hole in screensaver! Exposes screen/desktop image even if screen is 
LOCKED. nvidia, intel gfx; Old bug.
https://bugs.launchpad.net/bugs/394691
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 394691] Re: Security hole in screensaver! Exposes screen/desktop image even if screen is LOCKED. nvidia, intel gfx; Old bug.

2009-08-25 Thread LimCore 
max(...)

-- 
Security hole in screensaver! Exposes screen/desktop image even if screen is 
LOCKED. nvidia, intel gfx; Old bug.
https://bugs.launchpad.net/bugs/394691
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 394691] Re: Security hole in screensaver! Exposes screen/desktop image even if screen is LOCKED. nvidia, intel gfx; Old bug.

2009-08-25 Thread LimCore 
Guys, an easy (trivial!) solution would be to just make the screensaver
always clear some huge area, not just the eare which it /thinks/ is
vissible.

I guess something like...
- rectfill(screen, 0, 0, screen_w, screen_h, 0);
+ rectfill(screen, 0, 0, 9, 9, 0);

or better:  min(screen_w,9)  so we are year 2020 compatible here ;)

-- 
Security hole in screensaver! Exposes screen/desktop image even if screen is 
LOCKED. nvidia, intel gfx; Old bug.
https://bugs.launchpad.net/bugs/394691
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 394691] Re: Security hole in screensaver! Exposes screen/desktop image even if screen is LOCKED. nvidia, intel gfx; Old bug.

2009-08-25 Thread LimCore 
This happens still;

One case to trigger it, is for first play some fullscreen game that
switches resolution.

Then also I use VT7, -8, -9 (several X sessions).

In such use case, around 1 in 10 uses, the bug appears.

-- 
Security hole in screensaver! Exposes screen/desktop image even if screen is 
LOCKED. nvidia, intel gfx; Old bug.
https://bugs.launchpad.net/bugs/394691
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 394691] Re: Security hole in screensaver! Exposes screen/desktop image even if screen is LOCKED. nvidia, intel gfx; Old bug.

2009-07-08 Thread LimCore 
That bug #220226 seems to be a combination of
1. this bug (not clearing entire screen)
2. and nvidia (mostly) showing unitiliaized memory bug (which I also reported)

-- 
Security hole in screensaver! Exposes screen/desktop image even if screen is 
LOCKED. nvidia, intel gfx; Old bug.
https://bugs.launchpad.net/bugs/394691
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 394691] Re: Security hole in screensaver! Exposes screen/desktop image even if screen is LOCKED. nvidia, intel gfx; Old bug.

2009-07-05 Thread Isaac Dupree 
is this dup of / related to bug #220226 ?

-- 
Security hole in screensaver! Exposes screen/desktop image even if screen is 
LOCKED. nvidia, intel gfx; Old bug.
https://bugs.launchpad.net/bugs/394691
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 394691] Re: Security hole in screensaver! Exposes screen/desktop image even if screen is LOCKED. nvidia, intel gfx; Old bug.

2009-07-03 Thread Marc Deslauriers 
** Changed in: ubuntu
   Importance: Undecided => Medium

** Changed in: ubuntu
   Status: New => Confirmed

-- 
Security hole in screensaver! Exposes screen/desktop image even if screen is 
LOCKED. nvidia, intel gfx; Old bug.
https://bugs.launchpad.net/bugs/394691
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 394691] Re: Security hole in screensaver! Exposes screen/desktop image even if screen is LOCKED. nvidia, intel gfx; Old bug.

2009-07-02 Thread LimCore 
** Summary changed:

- [9.04 amd64 + nvidia = FAIL] security hole in screensaver
+ Security hole in screensaver! Exposes screen/desktop image even if screen is 
LOCKED. nvidia, intel gfx; Old bug.

** Description changed:

  When running screen saver, attacker having physical access to the
  LOCKED  computer, can see what was on our screen that we locked (i.e.
  important document, email with passwords, etc etc).
  
  1. run screensaver 
  2. move the mouse 
  
- This bug bring so many memories!
+ This bug brings back so many memories!
+ I remember reporting it around 2008, and also in 2007 (in debian probably).
  
- I remember reporting it around 2008, and also in 2007.
+ * Drivers: seen it on Intel GFX (i945, and GM960) ; and on nvidia
  
- But no need to rush too much, we can wait few more years.
+ * X software: back in 2007 I definatelly didnt used no compiz/bery/etc
+ (it was on Debian then) . Now on Ubuntu I seen it with the default
+ settings, on nvidia binary driver.
+ 
+ Triggering: this occured very often if I had 2 monitors (laptop + external 
VGA) in other resolution.
+ Now, on PC, I seen it so far 1 during 3 days, will test more.
  
  Ubuntu 9.04 amd64, nvidia driver, gnome default.
  
- Probably using nvidia  and/or  running fullscreen program or switching
- otherwise the resolution is a factor to reproduce this problem.
+ Probably running fullscreen programs or switching otherwise the
+ resolution is a factor to reproduce this problem.

** Tags added: screensaver security
** Tags removed: dnf fail snail

-- 
Security hole in screensaver! Exposes screen/desktop image even if screen is 
LOCKED. nvidia, intel gfx; Old bug.
https://bugs.launchpad.net/bugs/394691
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs