
Bug#800602: Lightdm: orca speaks characters while typing the password.

On 10/19/15, Ksamak <ksamak@hypra.fr> wrote:
> Actually, this bug seems to mostly appear when the following option is set:
> [SeatDefaults]
> greeter-hide-users=false
> This is mainly used to have the "main" user directly written in the
> first field, so as not to retype it every boot.
> So when you have this option activated, the focus is directly put on the
> password field, and then the bug appears.
> If the user circles through the fields once, with tab, then back on the
> password field, the bug disappears.
> I've seen it appear as well when two users are set-up on the system, but
> I'm not sure about the exactness of my reproduce steps, so I'll try
> again if people find the bug Could Not Reproducible.
> I can make available a VM with the bug appearing at boot, for tests
> (3.6Gb).
> lightdm version 1.10.3-3, jessie current.

I THINK this is only my second bug I've tried to assist with so I
didn't want to be the participant who keeps responding to herself.
Just as soon as I offered up my previous observation re the
possibility of toggling password masking on and off, I found the
following pre-existing bug:

Bug #736964; Dated January 28, 2014
Bug Title: [lightdm] Password is shown in cleart text while typing

The extremely short synopsis is that, exactly as Ksamak shared here in
this current bug report, "greeter-hide-users=false" was determined to
be at least one culprit. The ultimate outcome at the end of that bug
report is it appears to have possibly been determined to be a
Launchpad responsibility.

Because lightdm is so small, I was able to download both the source
and the .deb archive file just to nose around to see if I could help
you all further. I don't know the ultimate default outcome during
installation of either of those versus the other BUT.....

* within the .deb archive file (the i386 version),
/etc/lightdm/lightdm.conf references "greeter-hide-users=false". It's
initially commented out, but I *presume* "false" is its default value
if/when activated. Wondering out loud: Is it perhaps an option offered
to users during the installation process? If it is, maybe it needs to
be better described in some way at that moment so users fully
understand the consequence of that particular user CHOICE.

* the .xz compilable source file contains a file called 01_debian.conf
which references "greeter-hide-users=true". That's the only place I
found it in the .xz file after briefly extracting and then grepping
for that variable. Its value is noticeably the absolute opposite of
the same variable found in the .deb file. As you all have already
determined, the value "true" definitely sounds the more secure
screenreader related CHOICE.

Am just sharing the above, particularly the previously reported bug,
since the bug appears very similar so maybe there is something that
was already addressed by Developers that could help short track
Debian's fix. As has been discussed already, this is definitely a high
security risk for Debian Users with visual impairments. I wish I
understood Debian's inside coding more so I could be in there helping
you all nail it down.

Good luck!

Cindy :)

Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *
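
Added example, not part of the original message or of lightdm's own code: a small audit that reports which file supplies the effective `greeter-hide-users` value, the question raised above by the differing values in `lightdm.conf` and `01_debian.conf`. The search paths and the "later file overrides earlier" order follow LightDM's documented configuration loading and are assumptions here, as is the newer `[Seat:*]` section name; the sample input is constructed.

```python
import configparser
import glob
import pathlib

# Assumed load order (LightDM's documented one); later files override earlier.
SEARCH = ["/usr/share/lightdm/lightdm.conf.d/*.conf",
          "/etc/lightdm/lightdm.conf.d/*.conf",
          "/etc/lightdm/lightdm.conf"]
SECTIONS = ("SeatDefaults", "Seat:*")  # "Seat:*" is the newer section name
KEY = "greeter-hide-users"


def effective_setting(files):
    """files: ordered (path, text) pairs. Returns (value, path) or (None, None)."""
    value, source = None, None
    for path, text in files:
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        try:
            cp.read_string(text)  # '#'-commented lines are ignored by the parser
        except configparser.Error:
            continue  # skip unparsable snippets rather than guess
        for section in SECTIONS:
            if cp.has_option(section, KEY):
                value, source = cp.get(section, KEY).strip().lower(), path
    return value, source


def audit(files):
    value, source = effective_setting(files)
    if value is None:
        return "UNSET: no file sets it; the compiled-in default applies"
    if value == "false":
        return f"REVIEW: {KEY}=false from {source}; the setting this thread ties to the bug"
    return f"OK: {KEY}={value} from {source}"


def files_on_disk():
    paths = [p for pattern in SEARCH for p in sorted(glob.glob(pattern))]
    return [(p, pathlib.Path(p).read_text(encoding="utf-8", errors="replace"))
            for p in paths]


# Constructed sample mirroring the two files compared in the message.
SAMPLE = [("01_debian.conf", "[SeatDefaults]\ngreeter-hide-users=true\n"),
          ("lightdm.conf", "[SeatDefaults]\n#greeter-hide-users=false\n")]

if __name__ == "__main__":
    print(audit(SAMPLE))           # constructed input
    print(audit(files_on_disk()))  # the machine being checked
```

With the constructed sample, the commented-out line in `lightdm.conf` does not count, so the value from `01_debian.conf` wins; uncommenting it flips the result to `REVIEW`.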
