algorithmwolf
commented
1 week ago Seems related to #239
My (un?)educated guess of what's happening here is the actual cinnamon-screensaver process is crashing, and a helper process is immediately spawning a new process upon detecting this crash, because this helper process knows the system was supposed to be locked.
My suggestion is that this helper process should additionally draw a blank screen completely blocking the desktop right behind the lockscreen, in case the lockscreen ever crashes.
Distribution
Mint 22
Package version
6.2.0
Graphics hardware in use
Radeon 680M
Frequency
Always
Bug description
Cinnamon temporarily shows the desktop and allows interacting with it when the screen is resized.
This was tested using NoMachine: https://www.nomachine.com/ which effectively plugs into the real display that outputs to the HDMI port, unlike other remote desktop solutions that create virtual displays etc
In such a situation, a malicious user could potentially kill the cinnamon-screensaver process giving them full access to the desktop without knowing the password.
Steps to reproduce
Expected behavior
Instead of the desktop being revealed temporarily during screen resizing, the lockscreen should remain in place and block any access to the desktop.
Alternatively, it could be implemented as a black screen that captures all input while the locker restarts after the resizing operation finishes.
Additional information
I recorded this behaviour in a video: https://github.com/user-attachments/assets/87f195aa-6f96-4798-8a9f-67c278560ddd
The cinnamon-screensaver logs: cinnamon-screensaver.log