Bug#773026: screen does not lock on suspend (jessie regression)

Faidon Liambotis paravoid at debian.org
Sat Dec 13 11:23:56 UTC 2014


Package: gnome-screensaver
Version: 3.6.1-2
Severity: grave
Tags: security patch

Dear maintainer,

After upgrading my desktop from wheezy to jessie (w/ GNOME Flashback
mode), I was surprised to find that closing the lid of my laptop
suspended the system, but upon resume the screen was not locked and no
password prompt was needed to actually resume working on my screen.

Suffice to say, I think that's a security issue and thus, release
critical.

I investigated this quite a bit; it looks like with jessie's version,
GNOME doesn't use ConsoleKit anymore, but the alternative codepath for
this, namely handling systemd-login events, has been turned off by
passing --without-systemd to configure, over two years ago, with no
justification in the changelog.

Even with systemd support, though, it seems that in the (very old)
upstream version only Lock events are being processed, not suspend
(PrepareForSleep) ones (like gnome-shell does).  gnome-screensaver is
abandoned upstream, so I assume the API plans changed along the way over
the past two and a half years.

Fortunately, Ubuntu has prepared a patch for this which a) is trivial
enough, b) has been released with several Ubuntu versions and hence is
tested in the wild. While at it, I also ported another couple of Ubuntu
patches that, while not strictly needed, help considerably in this use
case (namely, a) adding support for non-systemd Linux systems and b) not
leaking screen contents on resume).

Attached you will find a patch for the package to address this. The
total debdiff is:
  configure.ac           |    2 +-
  src/gs-listener-dbus.c |   33 +++++++++++++++++++++++++++++++--
  src/gs-listener-dbus.h |    1 +
  src/gs-manager.c       |    2 +-
  src/gs-monitor.c       |   16 ++++++++++++++++
  5 files changed, 50 insertions(+), 4 deletions(-)
...and is easily readable and understood, as well as widely tested. I
would definitely recommend including this in jessie.

Best,
Faidon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnome-screensaver-suspendlock.diff
Type: text/x-diff
Size: 12976 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20141213/c048b734/attachment-0001.diff>
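
An added example, not part of the original message or of the gnome-screensaver package: a regression check for the behaviour reported above, which reads signal lines in the format `gdbus monitor` prints and flags every suspend/resume cycle that ended with the screensaver inactive. It assumes the system-bus (logind) and session-bus (`org.gnome.ScreenSaver`) monitor outputs have been merged in time order, and it treats an active screensaver as a proxy for a locked screen; the sample lines and the function name are constructed for illustration.

```python
import re

# gdbus monitor prints one signal per line: "<object path>: <interface>.<Signal> (<args>)"
SIGNAL_RE = re.compile(r"^(?P<path>/\S*): (?P<member>[\w.]+) \((?P<args>.*)\)\s*$")

SLEEP = "org.freedesktop.login1.Manager.PrepareForSleep"  # logind, system bus
ACTIVE = "org.gnome.ScreenSaver.ActiveChanged"            # screensaver, session bus

# Constructed sample: first cycle resumes unlocked, second locks before resume.
SAMPLE = """\
/org/freedesktop/login1: org.freedesktop.login1.Manager.PrepareForSleep (true,)
/org/freedesktop/login1: org.freedesktop.login1.Manager.PrepareForSleep (false,)
/org/gnome/ScreenSaver: org.gnome.ScreenSaver.ActiveChanged (true,)
/org/gnome/ScreenSaver: org.gnome.ScreenSaver.ActiveChanged (false,)
/org/freedesktop/login1: org.freedesktop.login1.Manager.PrepareForSleep (true,)
/org/gnome/ScreenSaver: org.gnome.ScreenSaver.ActiveChanged (true,)
/org/freedesktop/login1: org.freedesktop.login1.Manager.PrepareForSleep (false,)
""".splitlines()


def audit_suspend_lock(lines):
    """Return one verdict per suspend/resume cycle found in the monitor output."""
    screen_active = False  # assumption: the screensaver is inactive when monitoring starts
    suspending = False
    verdicts = []
    for line in lines:
        m = SIGNAL_RE.match(line.strip())
        if not m:
            continue  # banner lines and anything that is not a signal
        flag = m.group("args").split(",")[0].strip()
        if flag not in ("true", "false"):
            continue  # signals whose first argument is not a boolean
        value = flag == "true"
        if m.group("member") == ACTIVE:
            screen_active = value
        elif m.group("member") == SLEEP:
            if value:
                suspending = True   # PrepareForSleep(true): system is about to sleep
            elif suspending:
                suspending = False  # PrepareForSleep(false): system has resumed
                verdicts.append("locked" if screen_active else "UNLOCKED-ON-RESUME")
    return verdicts


if __name__ == "__main__":
    print(audit_suspend_lock(SAMPLE))
```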

