[Pkg-xfce-devel] Bug#735854: lightdm: "dm-tool lock" is easily circumvented

[Dylan Thurston]

Package: lightdm
Version: 1.8.5-3
Severity: normal

Dear Maintainer,

On my system, dm-tool lock is easily circumvented, to the point that I
circumvented it without realizing that I was doing so. With my usual X
session running on VT 7, "dm-tool lock" appears to open a new
authentication window on VT 8; but takes no measures to prevent the
user from switching back to the existing session on VT 7 with
Ctrl-Alt-F7 and using the session.

(I do not have xscreensaver installed, in case that's relevant.)

Thanks,
	Dylan Thurston

-- System Information:
Debian Release: jessie/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.13.0-rc8 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lightdm depends on:
ii  adduser                                3.113+nmu3
ii  consolekit                             0.4.6-3+b1
ii  dbus                                   1.7.10-2
ii  debconf [debconf-2.0]                  1.5.52
ii  libc6                                  2.17-97
ii  libgcrypt11                            1.5.3-3
ii  libglib2.0-0                           2.36.4-1
ii  libpam0g                               1.1.8-1
ii  libxcb1                                1.10-2
ii  libxdmcp6                              1:1.1.1-1
ii  lightdm-gtk-greeter [lightdm-greeter]  1.6.1-5

Versions of packages lightdm recommends:
ii  xserver-xorg  1:7.7+5

Versions of packages lightdm suggests:
ii  accountsservice  0.6.34-2
ii  upower           0.9.23-2+b1

-- debconf information:
* shared/default-x-display-manager: lightdm
  lightdm/daemon_name: /usr/sbin/lightdm