[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#930527: linux-image-4.19.0-5-amd64: when logging out, not the whole screen is erased, leaving private information

On 2020-03-29 19:10:30 +0200, Ivo De Decker wrote:
> On Fri, Jun 14, 2019 at 04:31:16PM +0200, Vincent Lefevre wrote:
> > When logging out, a part of the previous session is still visible.
> > This might be used to compromise the user's account or leak other
> > private information, depending on what was written on the screen.
> 
> What do you mean exactly? Is the screen only erased partially, or not at all?

It was partially erased.

> Is there something specific about your setup that you think might be relevant
> here?

I don't think so, except the use of the nouveau driver, of course.
But there were no issues for years. I think that problems started
to occur after some kernel upgrade. Now, I haven't had any problem
since December, I think.

> Also, I don't think this bug is really 'grave'. Even if private information
> remains on the screen, the user can see that, and take action to avoid it.

Not if one logs out remotely.

Regards,

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Reply to: