After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 707839 - Add a timeout when entering the user password
Add a timeout when entering the user password
Status: RESOLVED OBSOLETE
Product: gdm
Classification: Core
Component: general
3.4.x
Other Linux
: Normal normal
: ---
Assigned To: GDM maintainers
GDM maintainers
Depends on:
Blocks:
 
 
Reported: 2013-09-10 09:30 UTC by Laurent Bigonville
Modified: 2018-05-24 10:56 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Laurent Bigonville 2013-09-10 09:30:14 UTC
Hi,

With the following scenario, a user can see his default session being changed by a 3rd party and this could be confusing for him.

1) A "rogue" user is clicking on a user on the list
2) He change the session of the user and leave without pressing escape or cancel
3) The user arrive in front of his computer
4) He sees that his user is already selected and enter his password
5) The session selected by the rogue user is not his default session.

I think that adding a sensible timeout between 2) and 3) could mitigate this issue (without completely fixing it of course)

What do you think?
Comment 1 Laurent Bigonville 2013-09-10 09:31:16 UTC
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721388#30 for the original bug report about this
Comment 2 Vincent Lefevre 2013-09-10 13:02:39 UTC
With gdm 3.4, the problem also occurs when I cancel (e.g. by clicking on "Cancel") or enter a wrong password, and reselect my user (between (3) and (4) above). The user is actually preselected by default as being the only one on the machine (but I cannot see it due to a display bug), but I need to type [Enter] to select it and type my password: this is where I can see that the session is always the same as the one selected before canceling (whether this is the last session I used at the last successful login or not).

Laurent cannot reproduce this, but he used gdm 3.8. So, a part of the problem may have been fixed between 3.4 and 3.8, and something else triggers the problem in the case where the user cancels first.

A timeout would probably be OK. Something else that could be done: highlight the session name with a different color if it has been modified since the last successful login, so that the user can notice the change more easily.

BTW: when the problem occurred for me, it seems that the session hasn't been changed by another user on purpose, but someone apparently played with the mouse and/or the keyboard (while the screen was off?).
Comment 3 André Klapper 2013-09-10 16:13:21 UTC
(In reply to comment #2)
> Laurent cannot reproduce this, but he used gdm 3.8. So, a part of the problem
> may have been fixed between 3.4 and 3.8, and something else triggers the
> problem in the case where the user cancels first.

...which likely means that somebody needs to identify that patch and Debian could backport it. There will not be any fixes for 3.4 upstream.

Version 3.4.x which is too old and not supported anymore by GNOME developers. GNOME developers are no longer working on that older version, so unfortunately there will not be any bug fixes by GNOME developers for the version that you use.
Please feel free to reopen this bug if the problem still occurs with a recent version of GNOME, or feel free to file a bug report in the bug tracking system of your Linux distribution if your distribution still supports your version 3.4.x
Comment 4 Laurent Bigonville 2013-09-10 17:35:49 UTC
Well my initial bug here was to add a timeout if the user is not entering his password fast enough when in the login screen (that would also invalidate any changes made to the session of the user).

So I guess it should be reopened
Comment 5 GNOME Infrastructure Team 2018-05-24 10:56:34 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/gdm/issues/165.