inconsistent settings for lock screen between xfce4-session and xfce4-power-manager
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Xfce4 Power Manager |
Fix Released
|
Undecided
|
Sean Davis | ||
| Xfce4 Session |
Fix Released
|
Wishlist
|
|||
| xfce4-power-manager (Ubuntu) |
Fix Released
|
Undecided
|
Sean Davis | ||
Bug Description
Linux Mint 14, XFCE edition.
The XFCE power manager consistently fails to lock the screen upon suspend when the computer is put to sleep using the log-out dialog or the Action Buttons applet. The "lock screen when going for suspend/hibernate" option is set to true. The screen locks, as expected, when the computer is told to suspend via the right-click menu for the Power Manager applet in the dock.
To reproduce the bug make sure that "lock screen when going for suspend/hibernate" is set in the control panel then go into the Applications Menu and select "Log Out." Then select "Suspend." The screen ought to lock and then the computer ought to go to sleep. Instead, the computer suspends without locking the screen and when the computer resumes it does not require a password.
This is a security vulnerability as it is far too easy to accidently leave the computer unlocked when one would reasonably expect it to lock itself.
Related branches
- Chris J Arges: Needs Fixing
- Pasi Lallinaho (community): Approve (community)
-
Diff: 2629 lines (+2527/-3)8 files modified.pc/09_sync_session_xfpm_lock_setting.patch/settings/xfpm-settings.c (+1726/-0)
.pc/09_sync_session_xfpm_lock_setting.patch/src/xfpm-xfconf.c (+610/-0)
.pc/applied-patches (+1/-0)
debian/changelog (+6/-0)
debian/patches/09_sync_session_xfpm_lock_setting.patch (+126/-0)
debian/patches/series (+1/-0)
settings/xfpm-settings.c (+7/-1)
src/xfpm-xfconf.c (+50/-2)
| information type: | Private Security → Public Security |
| Samantha Davis (samantha-april-davis) wrote | #1 |
| Launchpad Janitor (janitor) wrote | #2 |
| affects: | ubuntu → xfce4-power-manager (Ubuntu) |
| Changed in xfce4-power-manager (Ubuntu): | |
| status: | New → Triaged |
| Changed in xfce4-power-manager (Ubuntu): | |
| status: | New → Confirmed |
| Jarno Suni (jarnos) wrote | #3 |
| affects: | linuxmint → xfce4-session |
| Changed in xfce4-session: | |
| importance: | Undecided → Unknown |
| status: | New → Unknown |
| summary: |
- XFCE will not lock screen when suspending via log out dialog. + inconsistent settings for lock screen between xfce4-session and + xfce4-power-manager |
| Launchpad Janitor (janitor) wrote | #4 |
| Changed in xfce4-session (Ubuntu): | |
| status: | New → Confirmed |
| Launchpad Janitor (janitor) wrote | #5 |
| Changed in xfce4-power-manager (Ubuntu): | |
| status: | Triaged → Fix Released |
| no longer affects: | xfce4-session (Ubuntu) |
| Thaddaeus Tintenfisch (thad-fisch-deactivatedaccount) wrote | #6 |
| Changed in xfce4-power-manager: | |
| status: | New → Fix Released |
| Changed in xfce4-power-manager (Ubuntu): | |
| assignee: | nobody → Sean Davis (smd-seandavis) |
| Changed in xfce4-power-manager: | |
| assignee: | nobody → Sean Davis (smd-seandavis) |
|
|
#12 |
| Changed in xfce4-session: | |
| importance: | Unknown → Wishlist |
| status: | Unknown → Confirmed |
| Changed in xfce4-session: | |
| status: | Confirmed → Fix Released |
I've marked this bug major, as it causes a user-defined security setting's failure.
I've a full xfce install on Arch Linux, and I've noticed the following:
In xfce4-power-
However, I think the REAL way of quitting your desktop is by design, tradition, logic and whatever, is by the xfce4-session-
Tested: GUI (suspend/hibernate) xfce4-session-
CLI xfce4-session-
Does not work.
So there's an inconsistency between the two utilities, and I thionk, because Xfce is a Desktop Environment, its elements should respect each others settings.
And I think the one that has to be modified is Xfce-session-
package: xfce4-session 4.10.0-3