
Bug#580370: kdebase-bin: When suspending (S3 & S4) screen locking can be avoided in a specific circumstance



Package: kdebase-bin
Version: 4:4.4.3-1
Severity: important

This is a security bug.

KDE4 has made great efforts to enforce screen locking when a machine is put into suspend (S3) or hibernate (S4) modes.

After reviewing KDE 4.4, which recently arrived in sid, I have discovered that there is only one remaining way of avoiding screen locking preferences.

To reliably reproduce:

1.) Click on the 'K'

2.) Hover the mouse cursor over 'Leave'

3.) Click shutdown

4.) A new dialog will appear.  Hold and press the left mouse-button on the text 'Turn off your computer' and select either suspend to RAM or suspend to disk (whichever your poison).

5.) Your machine will suspend as commanded.

6.) Resume your machine, to find any previously set screen locking preferences are evaded.


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-3-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages kdebase-bin depends on:
ii  kdebase-data                  4:4.4.3-1  shared data files for the KDE 4 ba
ii  kdebase-runtime               4:4.4.3-1  runtime components from the offici
ii  libc6                         2.10.2-6   Embedded GNU C Library: Shared lib
ii  libkdecore5                   4:4.4.3-1  the KDE Platform Core Library
ii  libkdeui5                     4:4.4.3-1  the KDE Platform User Interface Li
ii  libkfile4                     4:4.4.3-1  the File Selection Dialog Library 
ii  libkhtml5                     4:4.4.3-1  the KHTML Web Content Rendering En
ii  libkio5                       4:4.4.3-1  the Network-enabled File Managemen
ii  libkparts4                    4:4.4.3-1  the Framework for the KDE Platform
ii  libqt4-dbus                   4:4.6.2-4  Qt 4 D-Bus module
ii  libqt4-xml                    4:4.6.2-4  Qt 4 XML module
ii  libqtcore4                    4:4.6.2-4  Qt 4 core module
ii  libqtgui4                     4:4.6.2-4  Qt 4 GUI module
ii  libstdc++6                    4.4.4-1    The GNU Standard C++ Library v3
ii  libx11-6                      2:1.3.3-3  X11 client-side library

kdebase-bin recommends no packages.

kdebase-bin suggests no packages.

-- no debconf information


