RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

+++ This bug was initially created as a clone of Bug #1147917 +++

It was discovered [1] that PrtSc key is not disabled when the screen is locked.

Taking a bunch of screenshots at once bloats gnome-shell to the point
where it's pretty easy to get it targeted by the kernel's oom-killer.
This means that anyone with access to the keyboard of a locked GNOME
session can (briefly) disable the lockscreen, which lets them see and
interact with the running gnome session.

This might be fixed in gnome-shell 3.14.1, some patches available in the original bugreport [1].

[1]: https://bugzilla.gnome.org/show_bug.cgi?id=737456

--- Additional comment from Murray McAllister on 2014-10-02 22:17:43 EDT ---


Created gnome-shell tracking bugs for this issue:

Affects: fedora-all [bug 1149039]

--- Additional comment from Vasyl Kaigorodov on 2014-10-06 07:00:52 EDT ---

CVE-2014-7300 was assigned for:

"PrtSc is an unauthenticated request that's available to untrusted
parties. A series of requests can consume a large amount of memory.
The combination of this PrtSc behavior and the existence of the
oom-killer allows authentication bypass for command execution.
Therefore, the product must limit the aggregate memory consumption of
all active requests, and the lack of this limit is a vulnerability."

http://seclists.org/oss-sec/2014/q4/91

With gnome-shell-3.8.4-45.el7, I am seeing that PrntScrn is still enabled on the lock screen, but holding it down for 2+ minutes did not cause a crash and subsequent security breach. Is the fix that PrtScrn is disabled on the lock screen or something else?

I believe the fix is to disable multiple concurrent screenshots at a time. So now it only allows one at a time so it can't overwhelm the system.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0535.html

(In reply to Ray Strode [halfline] from comment #4)
> I believe the fix is to disable multiple concurrent screenshots at a time.
> So now it only allows one at a time so it can't overwhelm the system.

That was indeed the original fix that went into 7.1. Upstream there was also an accompanying gnome-settings-daemon change that disabled screenshots altogether when locked, however I don't think it was backported to RHEL. The desktop rebase in 7.2 will bring it in though.