Closed brianjmurrell closed 1 week ago
dragon788
commented
9 years ago I've encountered a slightly different instance of this. My main machine (server) running Ubuntu 14.04 will sleep the monitor while the mouse is on the client (Windows), but it will not LOCK while the mouse is over there. This is a potential security issue. If I manually lock the client it will return the mouse to the server, but then if I bump my mouse over to the client it will prevent the server from ever locking.
alanhoyle
commented
8 years ago Want to reiterate this is a security issue. In addition to exposing user data that would otherwise be hidden behind the screensaver, the saver doesn't kick for a fraction of a second on mouse entry. There's enough time for an attacker to move the cursor and paste a command into a visible Terminal window, that could execute something bad (e.g. "rm -rf /" or something)
megies
commented
8 years ago This really needs to be addressed..
alanhoyle
commented
8 years ago Note that I see this issue on OSX 10.11.6 client and Ubuntu 16.04 server, both running Synergy 1.7.6, latest updates all around.
alanhoyle
commented
6 years ago ... still a problem on OSX 10.13.2, Ubuntu 17.10, Synergy 1.8.8....
megies
commented
6 years ago Guess they decided to ignore this issue, which is really not acceptable. This is clearly security critical.
dragon788
commented
6 years ago If you uncheck the option to keep the screensavers in sync does it allow the machines to lock?
alanhoyle
commented
6 years ago I do not use the UI, I use a .synergy.conf file, and I do not have the screenSaverSync option set, and the default is unclear from https://github.com/symless/synergy-core/wiki/Text-Config
megies
commented
6 years ago If you uncheck the option to keep the screensavers in sync does it allow the machines to lock?
I'm on synergy-core without UI as well (compiled from git tag v2.0.0-stable on Debian 8 jessie). Just tested, makes no difference when I set screenSaverSync = false.
My gnome (v3.14) pops up a notification when the screensaver should kick in that says Unable to lock. Lock was blocked by an application.
nbolton
commented
1 week ago This issue has been inactive for a while so I'll close it for now. Please let me know if this is still an issue so that I can reopen it.
I have two Fedora 20 machines where one is the synergy server and one is the client. While the mouse cursor is on the client, the synergys machine won't go into screensaver mode until the mouse pointer is returned to the synergys machine's screen.
So to be clear, if I leave the mouse pointer on the synergy client machine, and walk away from the computers for hours (i.e. over night), the screensaver on the synergy server machine will not start. However as soon as I move the mouse back to the synergy server's screen, the screensaver on the synergy server machine will actually start. It's like the screensaver on the synergy server is blocked while the mouse is not on it's screen and it becomes unblocked (and notices the many hours of idle) as soon as the mouse cursor moves back onto it's screen and seeing the many hours of idle all of a sudden decides to invoke the screensaver.