Screensaver in KDE 4.2 (was: Random questions about KDE4.2)

In <200906101232.13509.zarl_jo@...>, Johannes Zarl wrote:
>4) Screensaver/screen lock:
>For some reason, the screen lock doesn't activate the screensaver. I.e.
> when my screen is locked (either via Ctrl-Alt-L or via time-delay in the
> screensaver itself), once I touch the mouse (and wait for the screen-lock
> window to disappear) I can see the screen contents as seen before the
> screen got locked.
>I couldn't find a bug related to this one, so maybe I will file one. Or
> did I just overlook a config-option somewhere in the screensaver-setup?

Please file this as a bug.  Being able to view what the user was working on
when the screen is supposed to be locked (unless they opted in) is a
security issue.  I've seen similar, but only for a small period of time.  
I.e. I would move my mouse and see my normal desktop for just "a second" and
then the screensaver would blank the screen and begin drawing.  That wasn't
enough to concern me.  If you can see the unprotected desktop for enough
time to take a digital photo, it could result in a compromise.
--
Boyd Stephen Smith Jr.           ,= ,-_-. =.
bss@...             ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/            \_/

On Wed, Jun 10, 2009 at 10:33:58AM -0500, Boyd Stephen Smith Jr. wrote:
> I've seen similar, but only for a small period of time.  
> I.e. I would move my mouse and see my normal desktop for just "a second" and
> then the screensaver would blank the screen and begin drawing.  That wasn't
> enough to concern me.  If you can see the unprotected desktop for enough
> time to take a digital photo, it could result in a compromise.

If the system is just loaded enough, "a small period of time" could be
"several seconds". This shouldn't happen.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190


--
To UNSUBSCRIBE, email to debian-security-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...

* Boyd Stephen Smith, Jr.:

I see this with KDE 3, too, with the blank screen server.  The screen
is locked (and moving the mouse shows a password prompt), but not
actually blanked.


--
To UNSUBSCRIBE, email to debian-security-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...

In <87ws7gavpe.fsf@...>, Florian Weimer wrote: I don't remember it happening on KDE 3, but I don't have a current KDE 3
system to test.

I'm not using the blank screen saver on KDE 4.2.  I am using Vermiculate.
--
Boyd Stephen Smith Jr.           ,= ,-_-. =.
bss@...             ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/            \_/