[Secure-testing-team] Bug#645427: Stopped locking the screen when closing the laptop lid

Michael Gilbert michael.s.gilbert at gmail.com
Sat Oct 15 20:24:12 UTC 2011


Josh Triplett wrote:

> Package: gnome-screensaver
> Version: 3.0.1-1
> Severity: grave
> Tags: security
> 
> I upgraded gnome-screensaver, and it stopped locking the screen when I
> close the lid of my laptop.  It now only locks if I explicitly lock the
> screen (ctrl-alt-L), or after some timeout (on the order of 5-15
> minutes, ).
> 
> For anyone who counts on this behavior of gnome-screensaver as a
> component of their system's security, this represents a security bug.

This also could have been an intentional design change, and thus
shouldn't necessarily be viewed as some kind of security lapse
(especially since the screen is going to lock after some timeout
anyway).

As a counter-point, xscreensaver does not automatically lock on lid
close either, and isn't expected to do so, so such behavior need not be
considered as a security issue.  I guess what I'm saying is that lid
close screen locking has in the past been a choice left up to the user,
so there's no reason to consider the same behavior as a security issue
now.

Best wishes,
Mike



More information about the Secure-testing-team mailing list