Re: 3.6 Feature: Lock Screen

[Tomas Frydrych <tf+lists gnome r-finger com>]

On 27/04/12 05:45, Stef Walter wrote:
> On 04/27/2012 01:00 AM, Jasper St. Pierre wrote:
>>>
>>> Considering how often Mutter crashes (I see about 3-4 crashes an hour),
>>
>> Bug references? We should not be crashing 3-4 times per hour.
> 
> 3-4 times a day for me. Here are some bugs, they're in the Red Hat
> bugzilla because they were filed with Fedora Abrt. These hardly
> represent the number of crashes though, because nearly always "the
> backtrace isn't usable".

Indeed, but (funny that Mutter just crashed on me!) security can't be
based on what should happen when all goes right. In the Shell the WM is
a massive kitchen sink into which all kinds of stuff is thrown in,
including 3rd party extensions. There are two separate issues at stake
here:

(a) the user password/credentials should never be allowed to enter that
sink,

(b) since the security of the screen lock relies on a window that covers
the desktop and stays over the desktop no matter what, that window must
not be owned by the WM, but has to be owned by a process that has no
other responsibility than making that happen.

> FWIW on some of my machines, the screensaver is already pretty funny
> security-wise. When coming back from sleep. It shows the desktop screen
> for several seconds before locking the screen. 

Yes, that's the compositor coming back online and initially using some
stale texture from before the screen lock appeared (this is clearly
visible if your desktop changes while being locked, e.g., with some new
IM conversations).

I am sure that both the designers and developers involved appreciate
that the primary purpose of a screen lock is neither to be pretty nor to
be easy to unlock, and that these functional issues will be resolved at
the same time as improving the UX. :)

Tomas