[Pkg-xfce-devel] Bug#732854: lightdm shows a part of my desktop screen as a part of the background of the login screen

Vincent Lefevre vincent at vinc17.net
Sun Dec 22 15:54:12 UTC 2013 

Package: lightdm
Version: 1.8.5-2
Severity: grave
Tags: security
Justification: user security hole

Here's what I did:
1. Quit me desktop session.
2. In lightdm (whose screen appeared correctly), clicked on "Restart".
3. Waited for the restart, chose the default Linux kernel...

First lightdm seemed to be confused by the screen resolution because
the display of the login box didn't appear at the right place first.
Note that the machine is a laptop, and I use it at home with a larger
external screen, but since yesterday morning I'm no longer at home.
I wonder whether this is related (but note that in step 2, everything
was OK).

Then the login box reappeared correctly. However the background was
still incorrect, with parts of my desktop screen, i.e. private data
accessible to everyone! There was nothing really private here, but
there could have been a password visible or other private information
or whatever.

I'm attaching a photo I took of the laptop screen.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lightdm depends on:
ii  adduser                                3.113+nmu3
ii  consolekit                             0.4.6-3+b1
ii  dbus                                   1.6.18-2
ii  debconf [debconf-2.0]                  1.5.52
ii  libc6                                  2.17-97
ii  libgcrypt11                            1.5.3-2
ii  libglib2.0-0                           2.36.4-1
ii  libpam0g                               1.1.3-10
ii  libxcb1                                1.9.1-3.1
ii  libxdmcp6                              1:1.1.1-1
ii  lightdm-gtk-greeter [lightdm-greeter]  1.6.1-4

Versions of packages lightdm recommends:
ii  xserver-xorg  1:7.7+4

Versions of packages lightdm suggests:
ii  accountsservice  0.6.34-2
ii  upower           0.9.23-2+b1

-- Configuration Files:
/etc/lightdm/lightdm.conf changed:
[LightDM]
[SeatDefaults]
greeter-hide-users=false
[XDMCPServer]
[VNCServer]


-- debconf information:
  lightdm/daemon_name: /usr/sbin/lightdm
* shared/default-x-display-manager: lightdm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20131222_162552_resized.jpg
Type: image/jpeg
Size: 406088 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-xfce-devel/attachments/20131222/b6101fb4/attachment-0001.jpg>

More information about the Pkg-xfce-devel mailing list