[pkg-cinnamon] Bug#854344: Password dialog can be skipped using lightdm autologin feature
Margarita Manterola
marga at debian.org
Sun Mar 12 11:48:03 UTC 2017
reassign -1 lightdm 1.18.3-1
retitle -1 Screensaver lock can be skipped using lightdm autologin
feature
Hi,
On 2017-02-06 10:25, Ivar Smolin wrote:
> If user locks the screen with cinnamon-screensaver, the password dialog
> can be skipped if lightdm autologin feature is enabled.
I've verified that this is exactly the same if the user uses the KDE
screensaver, so I'm reassigning the bug to lightdm.
> Scenario:
> 1. Lock the screen
> 2. Use "Switch users" button to activate the lightdm screen
> 3. Wait until lightdm autologin timeout is over
> 4. User desktop is activated
While I understand that this might be confusing and not what the user
expects (in some very specific situations), I don't think this is a
"security" bug. It seems to me that this is basically working as
intended, and that changing the behavior is a feature request to allow
very specific usecases (i.e. not having to type 2 passwords if your disk
is encrypted or having a session start automatically and then get locked
automatically).
Still, I'll let the lightdm maintainers decide on that.
--
Regards,
Marga
More information about the pkg-cinnamon-team
mailing list