After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 609337 - CVE-2010-0414 gnome-screensaver: loses its unlock dialog and keyboard grab sometimes when unplugging monitor
CVE-2010-0414 gnome-screensaver: loses its unlock dialog and keyboard grab so...
Status: RESOLVED FIXED
Product: gnome-screensaver
Classification: Deprecated
Component: general
unspecified
Other Linux
: Normal normal
: ---
Assigned To: gnome-screensaver maintainers
gnome-screensaver maintainers
Depends on:
Blocks:
 
 
Reported: 2010-02-08 15:51 UTC by Ray Strode [halfline]
Modified: 2010-02-08 16:03 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Migrate lock dialog and keyboard grab to attached head when they would otherwise get dropped (2.54 KB, patch)
2010-02-08 15:51 UTC, Ray Strode [halfline]
committed Details | Review

Description Ray Strode [halfline] 2010-02-08 15:51:33 UTC
Created attachment 153272 [details] [review]
Migrate lock dialog and keyboard grab to attached head when they would otherwise get dropped

Under certain circumstances it is possible to circumvent the security of screen
locking functionality of gnome-screensaver by changing the systems physical
monitor configuration.

Steps to reproduce:

1) Lock screen
2) Move mouse to removable monitor
3) hit escape key to cancel unlock dialog
4) move mouse to bring up unlock dialog on new head
5) unplug monitor
6) quickly hit keys on the keyboard

At this point gnome-screensaver will either crash, or show a black screen.  If
it shows a black screen then hitting "alt-f2" and then typing "pkill -f
gnome-screensaver" will bring you to the session.
Comment 2 Ray Strode [halfline] 2010-02-08 16:03:24 UTC
Downstream report: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0414