Package: lightdm
Version: 1.2.6.0-4

I have observed this unexpected behavior on a Raspberry Pi running an (always 
updated) vanilla Raspberry Pi OS.

Here is how to reproduce it:

* Use lightdm, have a user account with a password (no auto login used)
* start the computer
-> The login screen will show up after a while.
* log in with the username and the password (in the graphical user interface)
-> graphical user session will be displayed
* start a terminal, type: "dm-tool lock"
   (It is a frequent hint on the internet to have a graphical shortcut for this command 
in order to generate a "lock user session" functionality on the Raspi.)
-> The login screen appears again. (So far everything is fine.)
* Press Alt + Ctrl + F1
-> The console login will appear (just ignore it)
* Press Alt + Ctrl + F7
-> The graphical user session re-appears. But this happened without the need to 
type the user password!

Expectation of correct behavior:
I would expect to need to type the user password before I can re-access the user session 
after a "lock" of the user session.

I perceive this as a security bug, because the user session is not secured in the way the 
user probably expects it when he sees the re-login screen after his "lock" 
command. (My kids found this behavior when they tried all the keys on the keyboard in 
order to re-gain access to the computer having their favorite game installed.)

Let me know if you need further information on the behavior itself or on other 
installed packages on the computer.
