Bug#869698: mate-desktop-environment: Not-remote security: On resume desktop with opened documents is exposed to eavesdropper before unlock prompt appear

Sergio B. feedly.chsk at gmail.com
Tue Jul 25 18:13:14 UTC 2017


Package: mate-desktop-environment
Version: 1.16.0+1
Severity: important

Dear Maintainer,

I do not know exactly what package this issue belongs to, and I hope you
know that better and can forward this report if needed.
This issue has survived for years: it existed in Debian 8 Mate and now I see
it again with Debian 9 Mate. It exists on two different laptops I use, one
i386 and another amd64.

When the system resumes from the suspend2ram or (especially!) suspend2disk
state, the first thing I see in graphics is Mate's desktop with all the
windows and documents that were open before I started the suspend. A
_moment_ later the screen fades to black or hides the desktop and switches
to the unlock prompt asking for the password.
How long is that "moment"? It depends on the speed of the system, the
"weight" of running applications, the amount of used swap, and where
(RAM/disk) resuming is being done from. For a fast machine with little load
this issue may be invisible or "almost invisible", taking a second; for a
slow single core with swapping it happens that the desktop is exposed to an
eavesdropper for dozens of seconds after resuming from disk and before it is
hidden behind the password prompt.

Evil Russian hackers have enough time to take a photo camera and steal all my
secrets about my interference in Mordor's elections! Help! :)



-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=ru_UA.UTF-8, LC_CTYPE=ru_UA.UTF-8 (charmap=UTF-8), LANGUAGE=ru_UA:ru (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mate-desktop-environment depends on:
ii  mate-desktop-environment-core  1.16.0+1

Versions of packages mate-desktop-environment recommends:
ii  atril                     1.16.1-2+deb9u1
ii  desktop-base              9.0.2
ii  engrampa                  1.16.0-2
ii  eom                       1.16.1-1
ii  ffmpegthumbnailer         2.1.1-0.1+b3
ii  galculator                2.1.4-1+b1
ii  mate-applets              1.16.0-1
ii  mate-icon-theme-faenza    1.16.0+dfsg1-2
ii  mate-media                1.16.0-1
ii  mate-notification-daemon  1.16.1-1
ii  mate-power-manager        1.16.2-1
ii  mate-screensaver          1.16.1-1
ii  mate-system-monitor       1.16.0-2
ii  mate-user-guide           1.16.0-1
ii  mate-utils                1.16.0-1
ii  pluma                     1.16.1-1

Versions of packages mate-desktop-environment suggests:
ii  mailutils [mail-reader]    1:3.1.1-1
ii  network-manager-gnome      1.4.4-1
pn  x-www-browser | iceweasel  <none>

-- no debconf information