*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Eduardo Barretto
(ebarretto):
Hi,
after using Lubuntu for years, I was just giving Xubuntu a try and have
installed a machine with Xubuntu, and was astonished to see confidential
data in my home directory largely on the screen when the computer is
locked.
reason:
XFCE4 comes with a screensaver that by default picks a random
screensaver art program every time it starts. And one of the programs it
randomly picks is "slideshow", which shows the Pictures from ~/Pictures
on the locked screen, thus revealing confidential screen shots, scans,
etc.
What stupid concept is it, to display data from the account on the screen of a
locked computer?
What's the point in locking the computer then?
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: xfce4-screensaver 4.16.0-1
ProcVersionSignature: Ubuntu 5.15.0-56.62-generic 5.15.64
Uname: Linux 5.15.0-56-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu82.3
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: XFCE
Date: Tue Jan 3 08:49:10 2023
InstallationDate: Installed on 2022-12-25 (8 days ago)
InstallationMedia: Xubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64
(20220809.1)
SourcePackage: xfce4-screensaver
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: xfce4-screensaver (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug jammy
--
xfce4 screensaver revealing confidential data when computer is locked
https://bugs.launchpad.net/bugs/2000900
You received this bug notification because you are a member of Ubuntu Bugs,
which is subscribed to the bug report.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
