Bug#689398: gnome-screensaver: Application window becomes visible if a dialog box is displayed while desktop is locked

Mike Crowe mac at mcrowe.com
Tue Oct 2 08:48:11 UTC 2012 

Package: gnome-screensaver
Version: 3.4.1-1
Severity: important

I run gnome 3 with two monitors in "workspaces only on primary monitor" mode
with dynamic workspaces disabled. I also have my dialog boxes configured to be
attached to their parent window. I run with all my windows maximised.

Steps to reproduce:

1. Write the following to a file accessible a web server somewhere:

 <html>
 <script>
 setTimeout(function() { alert("my message"); }, 10000);
 </script>
 <body>
 Hello
 </body>
 </html>

(This basically just causes a message popup after ten seconds.)

2. Visit the URL in Chromium.

3. Within the ten seconds lock your desktop.

4. Wait for the ten seconds to elapse.

5. Notice that the Chromium window appears (although the message box does not.)

6. Notice that you cannot interact with the Chromium window even though it is
visible.

7. Notice that moving the mouse does not display the unlock dialog.

8. Notice that pressing an arbitrary key does not display the unlock dialog.

9. Pressing Escape does display the unlock dialog (luckily.)

Expected results:

The desktop remains locked with no applications visibile. Moving the mouse or
pressing any key displays the unlock dialog.


I originally spotted this problem when returning to my locked machine in the
morning after Google Calendar had displayed an event reminder overnight. In
these cases it was sometimes a completely different application that was
visible. In several cases it was LibreOffice Calc. I couldn't reproduce this
effect using the method described above.

I believe that this bug is quite serious since it could reveal confidential
information.



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnome-screensaver depends on:
ii  dbus-x11                   1.6.0-1
ii  dpkg                       1.16.8
ii  gnome-icon-theme           3.4.0-2
ii  gnome-session-bin          3.4.2.1-2
ii  gsettings-desktop-schemas  3.4.2-1
ii  libc6                      2.13-35
ii  libcairo2                  1.12.2-2
ii  libdbus-1-3                1.6.0-1
ii  libdbus-glib-1-2           0.100-1
ii  libgdk-pixbuf2.0-0         2.26.1-1
ii  libglib2.0-0               2.32.3-1
ii  libgnome-desktop-3-2       3.4.2-1
ii  libgnomekbd7               3.4.0.2-1
ii  libgtk-3-0                 3.4.2-3
ii  libpam0g                   1.1.3-7.1
ii  libx11-6                   2:1.5.0-1
ii  libxext6                   2:1.3.1-2
ii  libxklavier16              5.2.1-1
ii  libxxf86vm1                1:1.1.2-1

Versions of packages gnome-screensaver recommends:
ii  gnome-power-manager   3.4.0-2
ii  libpam-gnome-keyring  3.4.1-5

gnome-screensaver suggests no packages.

-- no debconf information

More information about the pkg-gnome-maintainers mailing list