Screen not locked when turned off

Bug #620693 reported by Joel Ebel
42
This bug affects 5 people
Affects Status Importance Assigned to Milestone
gnome-power-manager (Ubuntu)
Fix Released
Medium
Chris Coulson
Lucid
Fix Released
Undecided
Unassigned
Natty
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: gnome-power-manager

All settings I refer to here are gconf settings relative to /apps/gnome-power-manager unless fully qualified.

If the value for timeout/sleep_display_ac (in seconds) is less than that of /desktop/gnome/session/idle_delay (in minutes) then the screen is blanked before the screensaver is activated.

gnome-power-manager offers gconf options, described in its manual, for causing the screen to be locked when the screen is blanked. This can in theory be set by enabling lock/blank_screen or enabling lock/use_screensaver_settings if /apps/gnome-screensaver/lock_enabled is set.

The problem is that neither of these settings appear to work. As a result, if the screen is blanked before the screensaver starts, or if the screensaver is disabled entirely, the screen does not get locked when blanked. These settings do not appear to behave as described in the manual.

The manual also describes that power management timers begin only after session idle, but that doesn't appear to be the case anymore. power management timers now appear to start immediately, independent of session idle_delay. This documentation should be updated.

Revision history for this message
Pedro Villavicencio (pedro) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. A new version of GNOME Power Manager is available on Maverick and we are wondering if this bug is still an issue for you with that version? Could you please test and comment back? Thanks in advance.

Changed in gnome-power-manager (Ubuntu):
status: New → Incomplete
Revision history for this message
Joel Ebel (jbebel) wrote :

The behavior is still the same in Maverick. The screen does not lock when the screen is blanked, even if lock/black_screen is checked, or lock/use_screensaver_settings is checked and screensaver lock is enabled.

The gnome power manager manual also still has inaccurate information regarding when the idle timers start for power management functions.

Changed in gnome-power-manager (Ubuntu):
status: Incomplete → New
Revision history for this message
Pedro Villavicencio (pedro) wrote :

Thanks for the report, it has been some time without any response or feedback in this bug report and we are wondering if this is still an issue for you with the latest release of Ubuntu the Natty Narwhal, May you please test with that version and comment back if you're still having or not the issue? Please have a look at http://www.ubuntu.com/download to know how to install that version.Thanks in advance and sorry for the late response.

Changed in gnome-power-manager (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Revision history for this message
Joel Ebel (jbebel) wrote :

I no longer work on the team responsible for maintaining this. I'll leave it and see if anyone on Goobuntu Team cares to test it or speak up. It may not be important to them anymore. However, this is really easy to reproduce, should you want to test it yourself. I just don't have anything newer than Lucid, since we stick with the LTS.

to reproduce, assuming the options haven't changed in natty
1. set /apps/gnome-power-manager/timeout/sleep_display_ac to less than /desktop/gnome/session/idle_delay
2a. set /apps/gnome-power-manager/lock/blank_screen OR
2b. set /apps/gnome-screensaver/lock_enabled and /apps/gnome-power-manager/lock/use_screensaver_settings
3. wait until the sleep_delay_ac time expires, and watch the screen turn off. See if it's locked or not.

komputes (komputes)
Changed in gnome-power-manager (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
komputes (komputes) wrote :

To boil down this "bug":

1 -If the screensaver is disabled entirely, the screen does not get locked.

2 -If the screen is blanked before the screensaver starts the screen does not get locked.

The first statement, I would assume is to be expected since gnome-screensaver is the software responsible for locking the screen. If you do not enable gnome-screensaver, you will not have the possibility to lock the screen, that's a given.

But the second statement seems like an issue to me. I reproduced this on the 10.04 Desktop without touching gconf directly.

Steps:
1) System > Preferences > Power Management
-Put display to sleep when inactive for [1 min]
2) System > Preferences > Screensaver
-Screensaver [Blank Screen]
-Regard the computer as idle after [3 min]
-[x] Lock screen when screensaver is active
3) Walked away for 5 minutes (screen turned off after 1)
4) Upon return, moved the mouse, screen turns on, no password prompt.

Workaround: Ctrl-Alt-L (lock screen)
Fix: I will escalate (for the second statement) to try and get this assigned.

Changed in gnome-power-manager (Ubuntu):
assignee: nobody → David Bensimon (davidbensimon)
komputes (komputes)
Changed in gnome-power-manager (Ubuntu):
assignee: David Bensimon (davidbensimon) → Canonical Desktop Team (canonical-desktop-team)
status: Confirmed → Triaged
Changed in gnome-power-manager (Ubuntu):
assignee: Canonical Desktop Team (canonical-desktop-team) → Chris Coulson (chrisccoulson)
komputes (komputes)
Changed in gnome-power-manager (Ubuntu):
importance: Low → Medium
Revision history for this message
Chris Coulson (chrisccoulson) wrote :

I can't recreate this. Could somebody on an affected system please post the output of "gconftool -R /desktop/gnome/session /apps/gnome-power-manager /apps/gnome-screensaver"

Revision history for this message
komputes (komputes) wrote :

@chrisccoulson - I was able to reproduce this. Are you using steps from comment #5, and are you testing on 10.04?

Revision history for this message
Alex Moldovan (alexmoldovan) wrote :

I can't reproduce the bug following comment #5 on Ubuntu 10.04.3 LTS.

Revision history for this message
komputes (komputes) wrote :

@chrisccoulson - Here is the output of "gconftool -R /desktop/gnome/session /apps/gnome-power-manager /apps/gnome-screensaver" after I was able to reproduce the issue.

Revision history for this message
Torsten Spindler (tspindler) wrote :

For me it sometimes locks the screen, sometimes it doesn't. From my testing I could so far not detect any patterns.

Revision history for this message
Torsten Spindler (tspindler) wrote :

I did some more structured testing this morning and on 20 occasions the screen was always locked. However, /apps/gnome-power-manager/lock/use_screensaver_settings was set to false, not to true as in step 2b. I'll retest with use_screensaver_settings set to true.

Revision history for this message
Torsten Spindler (tspindler) wrote :

10 more tests also resulted in screen being locked. For the record, here are the gconf keys:

gconftool-2 --get /apps/gnome-power-manager/lock/use_screensaver_settings
true

gconftool-2 --get /apps/gnome-screensaver/lock_enabled
true

gconftool-2 --get /desktop/gnome/session/idle_delay
5

gconftool-2 --get /apps/gnome-power-manager/timeout/sleep_display_ac
60

Is there anything missing from my testing?

Revision history for this message
Michael Terry (mterry) wrote :

Torsten, note that use_screensaver_settings is false in the gconf dump in comment #9. Step 2b controls /apps/gnome-screensaver/lock_enabled not /apps/gnome-power-manager/lock/use_screensaver_settings

That said, using the exact same settings from the gconf dump, I also can't reproduce (7 tries with up-to-date 10.04 in a VM). I'll try on bare metal soon.

Revision history for this message
Michael Terry (mterry) wrote :

Same on bare metal after fresh install and following the steps in comment 5. I feel like there may be a reproduction step that hasn't been noticed yet.

Revision history for this message
Michael Terry (mterry) wrote :

Aha! I hit it twice on the LiveCD. I initially thought that not upgrading after installing 10.04.3 was the answer to reproducing. But I tried a fresh install and no luck.

One thing I noticed is that on a LiveCD, the "Lock screen when screensaver is active" preference is off by default. But on an install, it's on by default. There may be other preference differences that account for the behavior change.

I'll look into it more tomorrow.

Revision history for this message
Michael Terry (mterry) wrote :

I could not find other relevant gconf changes. And besides, the LiveCD reproduction, while reproducable, isn't helpful. The Lucid LiveCD has the RUNNING_UNDER_GDM environment variable set, which disables screen locking.

This variable was not set in my actual installation. I did think that maybe autologin would affect things (maybe there was a bug where autologin turned on RUNNING_UNDER_GDM). But that's not the case. I can't reproduce with autologin either.

So I'm back to square one: trying to find a way to reproduce this.

Revision history for this message
Michael Terry (mterry) wrote :

Oh my goodness. I've been going by the reproduction steps in comment #5, where I can't reproduce the problem. But a closer reading of the original report and the reproduction steps in comment #4 make me realize I have misunderstood.

The problem isn't that if you wait for your system to be idle, you don't get a lock, the problem is that if you wait for the screen to blank *but before the screensaver determines your system is idle*, you don't get a lock.

Sorry for the confusion. I'll investigate whether the problem is bad documentation of the gconf keys or if there is a bug in the power manager.

Revision history for this message
Michael Terry (mterry) wrote :

Found it. Just a straight up bug in gnome-power-manager, it seems. I've got the lucid debdiff here. Will test and see which other releases are affected. I will also shortly upload this to lucid-proposed.

Revision history for this message
Michael Terry (mterry) wrote :

This is not needed for 10.10 or 11.04, as those have redefined the timeout/sleep_display_ac key to be a timeout *after* the screensaver determines the system is idle. So you can't hit this bug anymore, as the screen will never blank when the system isn't idle.

This is also not needed for 11.10, as GNOME 3 has completely changed the keys used. The lock/blank settings seem to work from my testing. Thus, I'll mark this Fix Released.

For the 10.04 SRU, the justification is that this is a bit of a security concern: users could set their system up to lock after blanking and expect that when the screen goes blank, they can safely walk away.

To test:

1) System > Preferences > Power Management
-Put display to sleep when inactive for [1 min]
2) System > Preferences > Screensaver
-Regard the computer as idle after [5 min]
3) gconftool-2 -t bool -s /apps/gnome-power-manager/lock/blank_screen true
4) Wait for screen to blank after 1m
5) Wiggle mouse, note that screen was not locked like step #3 would have you believe

Changed in gnome-power-manager (Ubuntu):
status: Triaged → Fix Released
Revision history for this message
Martin Pitt (pitti) wrote : Please test proposed package

Hello Joel, or anyone else affected,

Accepted gnome-power-manager into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in gnome-power-manager (Ubuntu Lucid):
status: New → Fix Committed
tags: added: verification-needed
Revision history for this message
tekstr1der (tekstr1der) wrote :

I've followed this bug specifically due to natty 11.04 behavior. The screen does not lock after blank.

gconf settings:

lock > blank_screen is true
lock > use_screensaver_settings is false

The display blanks correctly at the time set in the G-P-M settings. However, the screen does not lock thereafter.

My workaround, while waiting on this bug, has been to enable the screensaver and its option to lock the screen. I will then set the screen to blank at 10 minutes and the screensaver to kick in/lock at 11 minutes. That leaves me with only 1 minute where I'm in this unexpectedly insecure state.

While testing, I've disabled the screensaver options (desired behavior) to focus solely on the blank/lock issue.

Any ideas Michael Terry?

Revision history for this message
Joel Ebel (jbebel) wrote :

Martin, this new package looks good on Lucid. I went through the testing procedure before the package, and the screen did not lock. After installing the new package, without changing settings, the screen did indeed lock.

Michael, thanks for taking a look at this.

Revision history for this message
Michael Terry (mterry) wrote :

tekstr1der, you are right. I'll open an 11.04 (and maybe 10.10) task now. I had not tested those without the screensaver enabled at all. A similar patch is likely the solution.

tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnome-power-manager - 2.30.0-0ubuntu1.1

---------------
gnome-power-manager (2.30.0-0ubuntu1.1) lucid-proposed; urgency=low

  * debian/patches/13-lock-on-blank.patch:
    - When we blank due to a timeout, make sure to lock (in case
      we've blanked before the screensaver is active). LP: #620693
 -- Michael Terry <email address hidden> Wed, 21 Sep 2011 15:28:15 -0400

Changed in gnome-power-manager (Ubuntu Lucid):
status: Fix Committed → Fix Released
Rolf Leggewie (r0lf)
Changed in gnome-power-manager (Ubuntu Natty):
status: New → Incomplete
Revision history for this message
Rolf Leggewie (r0lf) wrote :

Setting natty task to invalid as per comment 19

PLEASE NOTE: I'm fairly sure the fix for this fairly minor problem has introduced a serious regression for me in that frequently my computer will not recover from suspend anymore. I've lost data and had other serious trouble because of it: bug 884017

Changed in gnome-power-manager (Ubuntu Natty):
status: Incomplete → Invalid
Revision history for this message
Thomas Bushnell, BSG (tbushnell) wrote :

Let me stress that this is not a "fairly minor problem", but is a critical security vulnerability in some contexts.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.