search

QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/
535 stars 47 forks source link

Race condition affecting XScreenSaver revealing the contents of the display prior to invocation #8601

Open no-usernames-left opened 1 year ago

no-usernames-left commented 1 year ago

Qubes OS release

4.1 (the current patch release as of 2022-10-08)

Brief summary

There is a race condition which can leave the screen contents visible if a key is pressed on the keyboard very quickly after the screen saver kicks in.

XScreenSaver was configured to blank the display immediately (and power it off) instead of displaying a screen saver.

Steps to reproduce

Using XScreenSaver, configure it to blank and power off the display immediately upon invocation. Very quickly after it kicks in, press any key on the keyboard. (This may not be reproducible easily.)

Expected behavior

The contents of the display prior to the screensaver's invocation must not be visible under any circumstances unless the correct password is entered.

Actual behavior

Whatever was displayed prior to the invocation of XScreenSaver is clearly shown with the XScreenSaver password dialog superimposed over it.

no-usernames-left commented 1 year ago

As the kids say these days, "pics or it didn't happen":

IMG_20221008_194119_153