Public bug reported:
When switching between two user sessions with Gnome Screensaver, the
keystrokes of your password are sent to the Gnome Screensaver Lock
Screen and are also echoed into the focused application of the
underlying user session.
This bug only happens when switching between users using the steps
below. It does not happen for single-user unlocking, and it does not
happen when unlocking the same user twice.
If the focused application in the underlying session is an IRC client
like XChat your password keystrokes are echoed into it too, and the
password ends up sent to the current IRC channel. This all happens
while unlocking, before the lock screen is painted over by the session
windows. (I didn't believe this bug was possible until it affected me
twice in one week. This bug burned two of my login passwords in a row
by sending them to IRC. Very annoying.)
Here are the steps to reproduce this. I accidentally followed this
sequence both times:
1. User A and User B are both logged in. User B is running XChat.
2. Switch to User A's session.
3. Suspend the laptop.
4. Resume the laptop. User A lock screen is shown.
5. Press 'Switch User'. LightDM is shown.
6. Select User B in LightDM.
7. Type User B's password, press Enter.
8. User B is unlocked, the session screen is re-painted. The password is
visible in the IRC client backscroll, already sent to the channel.
Other observations:
* The system is under load while switching users. It is using swap space to
handle both simultaneous user logins. Switching between users takes a few
seconds: you can hear the HDD swapping and see loadavg climb while it does so.
* I am not 100% positive that the suspend/resume step is necessary to
reproduce this. It could be coincidence.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: gnome-screensaver 3.4.1-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-37.58-generic 3.2.35
Uname: Linux 3.2.0-37-generic x86_64
ApportVersion: 2.0.1-0ubuntu17.1
Architecture: amd64
Date: Mon Feb 25 20:33:59 2013
GnomeSessionIdleInhibited: No
GnomeSessionInhibitors: None
GsettingsGnomeSession:
org.gnome.desktop.session idle-delay uint32 600
org.gnome.desktop.session session-name 'ubuntu'
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Beta amd64 (20110915.1)
MarkForUpload: True
ProcEnviron:
LANGUAGE=en_CA:en
TERM=screen
PATH=(custom, no user)
LANG=en_CA.UTF-8
SHELL=/bin/bash
SourcePackage: gnome-screensaver
UpgradeStatus: Upgraded to precise on 2012-04-04 (327 days ago)
WindowManager: No value set for
`/desktop/gnome/session/required_components/windowmanager'
** Affects: gnome-screensaver (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug precise running-unity
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1133091
Title:
Screensaver password keystrokes are echoed into underlying apps
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1133091/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
