Upon wake, the desktop was visible briefly before the lock screen showed

[LinuxOnTheDesktop]

Distribution

Mint 21.2

Package version

5.8.1

Graphics hardware in use

Intel onchip; Mesa

Frequency

Only occasionally

Bug description

The desktop - including icons, conky, dock (Plank) - was visible for approximately a third of a second upon wake and before the lock screen. This is a security problem as well as behaviour that throws the user.

Steps to reproduce

Unknown. I have not seen the problem before - except when I had an external monitor attached (which I did not have this time): see #406.

What trigged the problem this time was simply waking the laptop (by pressing a key on its keyboard). The machine has been asleep for some eighteen hours.

Expected behavior

The desktop should not be visible until one has unlocked the PC.

Additional information

$ cinnamon-screensaver --debug --hold
Fractional scaling active: False
Trying to connect to logind...
Starting screensaver...
Debug mode active
Cinnamon Screensaver support not found in current theme - adding some...
service: 'GetActive' received, poking application.
service: 'GetActive' received, poking application.
org.gnome.ScreenSaver is gone from the session bus
org.mate.ScreenSaver is gone from the session bus
service: 'GetActive' received, poking application.
login client: found session path for user '<me>' (session_id: c2): /org/freedesktop/login1/session/c2
Successfully using logind

An excerpt from .xsession-errors:

cinnamon-session[4122]: WARNING: t+731.43769s: Detected that screensaver has appeared on the bus
log_ksystemlog: Log manager is not yet initialized
cinnamon-session[4122]: WARNING: t+872.62203s: Detected that screensaver has left the bus
cinnamon-session[4122]: WARNING: t+878.17943s: Detected that screensaver has left the bus
** (csd-automount:4293): WARNING **: 01:47:04.868: Can't call GetActive() on the ScreenSaver object: Cannot invoke method; proxy is for the well-known name “org.cinnamon.ScreenSaver” without an owner, and proxy was constructed with the G_DBUS_PROXY_FLAGS_DO_NOT_AUTO_START flag
mint-common (WARN): Process remote: Server returned status 404: Not Found
cinnamon-session[4122]: WARNING: t+991.45039s: Detected that screensaver has appeared on the bus

$ cat /var/log/syslog grep ScreenSaver
[. . .]
Aug 20 01:42:15 x1 systemd[1]: systemd-suspend.service: Deactivated successfully.
Aug 20 01:42:15 x1 systemd[1]: Finished System Suspend.
Aug 20 01:42:15 x1 systemd[1]: Stopped target Sleep.
Aug 20 01:42:15 x1 systemd[1]: Reached target Suspend.
Aug 20 01:42:15 x1 systemd[1]: Stopped target Suspend.
Aug 20 01:42:15 x1 systemd-networkd[967]: lo: Reset carrier
[. . .]
Aug 20 01:42:16 x1 systemd-networkd[967]: enp0s31f6: Link UP
Aug 20 01:42:16 x1 systemd-networkd[967]: wlp2s0: Link UP
[. . .]
Aug 20 01:42:22 x1 cinnamon-screensaver-pam-helper: pam_ecryptfs: seteuid error
Aug 20 01:42:30 x1 systemd[1]: NetworkManager-dispatcher.service: Deactivated successfully.
Aug 20 01:42:45 x1 systemd[1]: systemd-localed.service: Deactivated successfully.
Aug 20 01:42:52 x1 cinnamon-session[4122]: WARNING: t+625.67715s: Detected that screensaver has left the bus
Aug 20 01:42:52 x1 org.cinnamon.ScreenSaver[20202]: Error in sys.excepthook:
Aug 20 01:42:52 x1 org.cinnamon.ScreenSaver[20202]: Original exception was:
Aug 20 01:42:52 x1 org.cinnamon.ScreenSaver[20202]: Error in sys.excepthook:
Aug 20 01:42:52 x1 org.cinnamon.ScreenSaver[20202]: Original exception was:
Aug 20 01:42:52 x1 org.cinnamon.ScreenSaver[20202]: Error in sys.excepthook:
Aug 20 01:42:52 x1 org.cinnamon.ScreenSaver[20202]: Original exception was:
Aug 20 01:44:38 x1 cinnamon-session[4122]: WARNING: t+731.43769s: Detected that screensaver has appeared on the bus
Aug 20 01:45:47 x1 dbus-daemon[628]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.365' (uid=1000 pid=25247 comm="/opt/sublime_text/sublime_text --detached ")
Aug 20 01:45:47 x1 systemd[1]: Starting Hostname Service...
Aug 20 01:45:48 x1 dbus-daemon[628]: [system] Successfully activated service 'org.freedesktop.hostname1'
Aug 20 01:45:48 x1 systemd[1]: Started Hostname Service.
Aug 20 01:46:18 x1 systemd[1]: systemd-hostnamed.service: Deactivated successfully.

Kernel 6.2.16 . . generic.

[LinuxOnTheDesktop]

The frequency of the problem has become high: it occurs at least as often as things work as they should.

[LinuxOnTheDesktop]

I repeat: 'This is a security problem as well as behaviour that throws the user.'

[przadka]

I'd like to echo the sentiments of the original post. I'm also experiencing this issue and can confirm its occurrence on my system.

• System Details:
• Distribution: Mint 21.2
• Kernel Version: 5.15.0-86-generic
• Display Manager: LightDM
• Graphics Card: TigerLake-LP GT2 [Iris Xe Graphics]
• Driver: Mesa Intel(R) Xe Graphics (TGL GT2)

The brief exposure of the desktop contents before the lock screen appears is indeed a security concern. In my case, it happens when my laptop is connected to an external monitor. The duration of this exposure is brief, but it's sufficient for someone to potentially capture sensitive information using a camera.

[LinuxOnTheDesktop]

Apparently [and - EDIT - I did do it] one can get 'xscreensaver' to work on Linux Mint. However, one has to either compile from source (EDIT: there are instructions within the README file within the download] or else use a rather old repository version. [EDITED, again - this time for clarity.]

[LinuxOnTheDesktop]

I wrote instructions for getting xscreensaver working on Mint Cinnamon. Those instructions are here on PasteBin.

Drawbacks of using xscreensaver

• As its name suggests (and the man page confirms, xscreensaver does not work under Wayland.

• If one compiles from source, then updating is a pain. I note here that the author of xscreensaver has implored Linux distributions either to package recent versions of his software or else not package it at all.

• There is a lack of integration with Cinnamon.

• Xscreensaver lacks some of the functionality of Cinnamon's screensaver.

So, why consider using xscreensaver? Because it locks the screen promptly and securely (and offers entertaining graphics).

EDITED.

[MatzFan]

Same issue here on LMDE 6 (faye) installed on an old MacBook Air.

The problem actually seems more acute after installing the latest version (v6.2.1).

[LinuxOnTheDesktop]

Michael Webster says (here) that the problem has a chance of being solved only when Mint moves to Wayland. For, the fundamental problem is the X windowing system. Thus - as I have verified - even xscreensaver (a program mentioned above) shows the desktop for a tiny but (on my hardware anyway) just-about-noticeable fraction of a second.

[fritzw]

For xscreensaver this can be fixed by adding a file to /usr/lib/systemd/system-sleep that runs xscreensaver-command --suspend. This causes the screen to be locked before the CPU goes to sleep (compare xscreensaver FAQ which implies that this should happen automatically). Maybe a similar fix can be applied to cinnamon-screensaver?

However, this would still not fix the issue that the desktop is shown when the monitor configuration changes while locked, e.g. by attaching or unplugging a monitor, rotating a laptop with an orientation sensor (see #460, #436, #414, #406). These problems did not appear with xscreensaver in my testing, but appeared reproducibly with cinnamon-screensaver, to the degree that it cannot be considered a secure way to lock the screen against any but the most hapless attackers.

[LinuxOnTheDesktop]

@fritzw In addition to some relatively minor problems with xscreensaver, about which I emailed you, I find, now that, on my ThinkPad X230, xscreensaver both blocks my Cinnamon power settings (settings to do with the monitor and going into suspend) and fails to implement its own power settings. Those latter power settings are within xscreensaver-setting's 'advanced' tab and they concern - though one might not guess this from their names - only the monitor. But I cannot manage to make them make the screen blank or put the display into any sort of power-saving state.

So at present the choice for Mint users seems to be: use the Cinnamon screensaver, which shows the desktop briefly before locking and is insecure in other ways; use xscreensaver and give up upon power management. But: @mtwebster : can Cinnamon implement the systemd thingy such that Cinnamon's screensaver, like xscreensaver, does not show the desktop before locking? That is: do we not here have a solution to the bug that this issue (#440) is centrally about?

[mtwebster]

The screensaver always locks prior to going to sleep. You can usually see this if you manually suspend the machine. I maintain my explanation for the desktop being briefly visible in some situations. I suspect xscreensaver is just better at this because it's a much lighter program than cinnamon-screensaver (written natively for X11, not using any toolkit like Gtk).

I'm hoping to get the screensaver implemented as part of Cinnamon in one of the next releases, as quite a bit of code we use in cinnamon-screensaver relies on x11-only features. This will be a non-issue once that happens (including x11 sessions, if we choose to use it for both types).

[LinuxOnTheDesktop]

@mtwebster : 'in one of the next releases [. . t]his will be a non-issue'. That's great.

EDITED. I add the following though, for what it is worth. When I tried xscreensaver just now, on a slow computer, xscreensaver did not show the desktop at all when presenting the lock dialogue, whereas, when I had tried xscreensaver previously, for a fraction of a second, it did display the desktop. But, ah: when trying xscreensaver this time, II could not suspend the computer; and it was upon resume that, in the past, xscreensaver showed the desktop briefly.

[fritzw]

Same for me with xscreensaver. No amount of sleeping/waking or adding/unplugging/rotating of monitors shows any part of the desktop. With cinnamon-screensaver I can even type in a terminal during the short time when the desktop is visible, e.g. to kill the screensaver process.Glad to hear that this will go away in the future. How do you plan to address the issue for X11 sessions?Am 11.10.2024 um 23:03 schrieb LinuxOnTheDesktop @.***>: @mtwebster : 'in one of the next releases [. . t]his will be a non-issue'. That's great. I add the following though, for what it is worth. When I tried xscreensaver just now, on a slow computer, xscreensaver did not show the desktop at all when presenting the lock dialogue, whereas, when I had tried xscreensaver previously, for a fraction of a second, it did display the desktop.

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>

[LinuxOnTheDesktop]

@fritzw : part of my comment was confused. Please see how, subsequently, I have edited it.

[Zapperz0398]

I have been having the same problem. The lock icon on Linux Mint Cinnamon does not work properly. Initially, I didn't have time to find out why, so I left it and decided to just use systemctl commands in the terminal to lock the screen and then suspend the device.

However, upon waking the system, the desktop is briefly shown unlocked for a second (possibly longer) before the lock screen appears. I assumed it was because the lock command didn't have enough time to process, as the script I run immediately suspends the system after the lock command is invoked

I am using a Wayland session, though.

[fritzw]

You can usually see this if you manually suspend the machine. I maintain my explanation for the desktop being briefly visible in some situations. I suspect xscreensaver is just better at this because it's a much lighter program than cinnamon-screensaver (written natively for X11, not using any toolkit like Gtk).

@mtwebster However, the desktop being visible is not the only thing that xscreensaver does differently. With cinnamon-screensaver, I can actually type into a terminal in the supposedly-locked session during the brief moment while the screen is shown. With a macro keyboard, it should not be hard to type <Alt+F2>killall cinnamon-screensaver<ENTER> in a split-second to unlock the screen.

With cinnamon-screensaver this flashing of the desktop can be easily triggered, on demand. But with xscreensaver no amount of waking/sleeping or plugging or unplugging monitors (while hammering on the keyboard like a madman) allowed any input to pass through to the locked desktop. Even if the desktop was accessible for only a few milliseconds, at least one of the hundreds of keystrokes should have passed through, so I suspect that xscreensaver does something fundamentally different like grabbing the keyboard globally, or some such thing (I'm not an X11 expert myself).

[nNoidea]

problem also exist in Mint 22