Bug#1053825: Screensaver with only blank does not work after suspend
Hi,
On Thu, Oct 12, 2023 at 06:57:20AM +0100, Klaus Ethgen wrote:
> Package: src:linux
> Version: 6.5.6-1
> Severity: critical
> Tags: security
> X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
>
> It is not fully clear for me, where exactly this bug happens. First I
> was thinking about xscreensaver but that package got not updated for
> ages. The bug happens with updates from kernel 6.4.0 to 6.5.0.
So you are saying this happens solely after switching from 6.4.y
series to 6.5.y series. Thus I assume 6.5.3-1 in testing as well
exposes the issue.
> I use xscreensaver with fvwm3 on my amd laptop. xscreensaver is set up
> to only blank the screen.
>
> When I lock the screen and press a key or moving the mouse, everything
> is fine. But when I go to suspend too ram after locking and waking up
> the laptop, the password dialog gets showed as usual but I can see the
> full desktop content with probably sensitive material on in. Although, I
> cannot interact with the desktop, it is a security break to reveal the
> content without authenticating.
>
> It might be related, when I have a PSI chat window on the screen but on
> different desktop, it gets moved to the current one. That definitively
> also came with the new kernel.
Can you please attach as well the kernel log once you triggered the
behaviour? Anything suspicious logged?
Next, can you bisect the kernel between a good known upstream version
and 6.5.6? Can you as well test 6.5.7 upstream to see if it fixes the
issue?
Currently there is nothing which sound similar in the kernel
regression tracking status, TTBOMK.
Regards,
Salvatore
Reply to: