[Pkg-virtualbox-devel] Bug#703520: when focus is on VM machine, debian's screen locker doesn't kick in

Marcos Marado mindboosternoori at gmail.com
Wed Mar 20 14:40:59 UTC 2013 

Package: virtualbox-ose
Version: 3.2.10-dfsg-1+squeeze1
Severity: important

Hi there,

I'm tagging this as "important" since this is a security issue (at
least from my prespective).

When using virtualbox-ose (only tested in stable's version) to run a
VM, and the VM
grabs both keyboard and mouse focus, Debian's configured lock screen
doesn't kick in
as expected in inactivity.

Eg:
* Configure your screensaver with lock screen (needing a password to
unlock), and make it
  run when there's no activity in two minutes;
* Wait two minutes and the screen gets locked, as expected.
* Unlock screen, run virtualbox-ose, open a VM, put the focus
(keyboard and mouse) in the
  VM;
* Wait two minutes without activity.
Expected: (debian) screen gets locked
What happens: nothing, screen doesn't get locked

Thanks for your time,
Marcos Marado

-- System Information:
Debian Release: 6.0.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages virtualbox-ose depends on:
ii  adduser            3.112+nmu2            add and remove users and groups
ii  libc6              2.13-27               Embedded GNU C Library: Shared lib
ii  libcurl3           7.21.1-1              Multi-protocol file transfer libra
ii  libgcc1            1:4.7.0-1             GCC support library
ii  libpng12-0         1.2.44-1+squeeze4     PNG library - runtime
ii  libpython2.6       2.6.6-8+b1            Shared Python runtime library (ver
ii  libsdl1.2debian    1.2.14-6.1            Simple DirectMedia Layer
ii  libssl0.9.8        0.9.8o-4squeeze14     SSL shared libraries
ii  libstdc++6         4.7.0-1               GNU Standard C++ Library v3
ii  libvncserver0      0.9.7-2+b1            API to write one's own vnc server
ii  libx11-6           2:1.3.3-4             X11 client-side library
ii  libxcursor1        1:1.1.10-2            X cursor management library
ii  libxext6           2:1.1.2-1             X11 miscellaneous extension librar
ii  libxml2            2.7.8.dfsg-2+squeeze6 GNOME XML library
ii  libxmu6            2:1.0.5-2             X11 miscellaneous utility library
ii  libxt6             1:1.0.7-1             X11 toolkit intrinsics library
ii  python             2.6.6-3+squeeze7      interactive high-level object-orie
ii  python-central     0.6.16+nmu1           register and build utility for Pyt
ii  zlib1g             1:1.2.3.4.dfsg-3      compression library - runtime

Versions of packages virtualbox-ose recommends:
ii  libgl1-mesa-glx [ 7.7.1-5                A free implementation of the OpenG
ii  libqt4-opengl     4:4.6.3-4+squeeze1     Qt 4 OpenGL module
ii  libqtcore4        4:4.6.3-4+squeeze1     Qt 4 core module
ii  libqtgui4         4:4.6.3-4+squeeze1     Qt 4 GUI module
ii  virtualbox-ose-dk 3.2.10-dfsg-1+squeeze1 x86 virtualization solution - kern
ii  virtualbox-ose-qt 3.2.10-dfsg-1+squeeze1 x86 virtualization solution - Qt b

Versions of packages virtualbox-ose suggests:
ii  libasound2             1.0.24.1-2        shared library for ALSA applicatio
ii  libpulse0              0.9.21-3+squeeze1 PulseAudio client libraries
pn  vde2                   <none>            (no description available)
pn  virtualbox-guest-addit <none>            (no description available)

-- debconf information:
* virtualbox-ose/upstream_version_change: true

More information about the Pkg-virtualbox-devel mailing list