linuxmint / cinnamon-screensaver

The Cinnamon screen locker and screensaver program
GNU General Public License v2.0
150 stars 88 forks source link

`cinnamon-screensaver-command --deactivate` unlocks the screen #442

Open Nihlus opened 1 year ago

Nihlus commented 1 year ago

Distribution

Mint 21.1

Package version

5.4.5

Graphics hardware in use

NVIDIA Corporation GK107GL [Quadro K2000]

Frequency

Always

Bug description

When using cinnamon-screensaver-command --deactivate, the program shuts down the screensaver directly without prompting for a password. This is somewhat unexpected behaviour when compared to the help output, which states the following:

usage: cinnamon-screensaver-command [-h] [--exit] [--query] [--time] [--lock]
                                    [--activate] [--deactivate] [--version]
                                    [--away-message MESSAGE]

Cinnamon Screensaver Command

options:
  -h, --help            show this help message and exit
  --exit, -e            Causes the screensaver to exit gracefully
  --query, -q           Query the state of the screensaver
  --time, -t            Query the length of time the screensaver has been
                        active
  --lock, -l            Tells the running screensaver process to lock the
                        screen immediately
  --activate, -a        Turn the screensaver on (blank the screen)
  --deactivate, -d      If the screensaver is active then deactivate it (un-
                        blank the screen)
  --version, -V         Version of this application
  --away-message MESSAGE, -m MESSAGE
                        Message to be displayed in lock screen

In particular, note that --deactivate is explained and clarified as intended to un-blank the screen, not exit the screensaver itself.

The current conflicting information and behaviour is rather confusing and can lead to security issues if the system administrator is unaware of the difference in expected behaviour.

Steps to reproduce

  1. Lock your screen, either via hotkey or cinnamon-screensaver-command --lock
  2. Go to another console (CTRL+ALT+F1)
  3. Run cinnamon-screensaver-command --deactivate
  4. Return to the graphical console (CTRL+ALT+F7)
  5. Observe that the session is unlocked

Expected behavior

Based on the help output, I would expect --deactivate to merely unblank the screen and prompt the user for a password. I do not see any meaningful difference between calling --exit and --deactivate in the current behaviour, which suggests that this behaviour from --deactivate is not intentional.

Furthermore, the description in the command's help output is also consistent with other common similar commands, such as xscreensaver-command, where the actual behaviour is just an unblanking and not a full unlock.

Additional information

The main reason for wanting a way to explicitly deblank the screen in my case is that of smartcard authentication. It is desirable to wake up the screen on smartcard insertion without additional user input, and as it is, there is currently no way of doing this with Cinnamon.

I do realize that this behaviour has been around for a while now, and it may not be possible to change or correct it without breaking other assumptions. Adding an option to unblank the screen should, however, be considered in any case in order to properly support use cases like the one above.