[Pkg-xfce-devel] Bug#854344: Password dialog can be skipped using lightdm autologin feature

Yves-Alexis Perez corsac at debian.org
Sun Mar 12 13:11:47 UTC 2017


On Sun, 12 Mar 2017 12:48:03 +0100 Margarita Manterola <marga at debian.org>
wrote:
> reassign -1 lightdm 1.18.3-1
> retitle -1 Screensaver lock can be skipped using lightdm autologin 
> feature
> 
> Hi,
> 
> On 2017-02-06 10:25, Ivar Smolin wrote:
> > If user locks the screen with cinnamon-screensaver, the password dialog
> > can be skipped if lightdm autologin feature is enabled.
> 
> I've verified that this is exactly the same if the user uses the KDE 
> screensaver, so I'm reassigning the bug to lightdm.
> 
> > Scenario:
> > 1. Lock the screen
> > 2. Use "Switch users" button to activate the lightdm screen
> > 3. Wait until lightdm autologin timeout is over
> > 4. User desktop is activated
> 
> While I understand that this might be confusing and not what the user 
> expects (in some very specific situations), I don't think this is a 
> "security" bug. It seems to me that this is basically working as 
> intended, and that changing the behavior is a feature request to allow 
> very specific usecases (i.e. not having to type 2 passwords if your disk 
> is encrypted or having a session start automatically and then get locked 
> automatically).
> 
> Still, I'll let the lightdm maintainers decide on that.

Agreed, it looks to me like it's running more or less as intended. Can you be
a little bit more specific on what would be the expected behavior from your
point of view?

Regards,
-- 
Yves-Alexis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-xfce-devel/attachments/20170312/4295a557/attachment.sig>


More information about the Pkg-xfce-devel mailing list