Bug 177755 - CVE-2006-2933 occasionally KDE screensaver fails to start
Summary: CVE-2006-2933 occasionally KDE screensaver fails to start
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kdebase
Version: 3.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Ngo Than
QA Contact: Ben Levenson
Whiteboard: source=it,reported=20051011,public=no...
Keywords: Desktop, Security
Depends On:
Blocks: 190430
Reported: 2006-01-13 18:06 UTC by Issue Tracker
Modified: 2007-11-30 22:07 UTC

Clone Of:
Last Closed: 2006-07-25 12:25:32 UTC

External Trackers
Tracker: Red Hat Product Errata
ID: RHSA-2006:0576
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: kdebase security fix
Last Updated: 2006-07-25 04:00:00 UTC

Comment 1 Issue Tracker 2006-01-13 18:06:09 UTC
From User-Agent: XML-RPC

This is another tough one to troubleshoot because it's not easily reproducible.  As the Summary line says, occasionally the screensaver in KDE does not start.  What's worse, if you try to forcibly lock the screen and start the screensaver, nothing happens.  This is annoying if you need to lock your screen and leave your desk.

Usually the only way to fix this is to log out and log in again, which most of our users do not like because it takes a long time to load up Cadence and the other EDA applications upon a fresh login.

Fortunately, xscreensaver works as a backup system.
This event sent from IssueTracker by alanm
 issue 81430

Comment 7 Issue Tracker 2006-01-13 18:06:31 UTC
From User-Agent: XML-RPC

To forcibly lock the screen and start the screensaver, you can hit
CTRL-ALT-L or choose "Lock Screen" from the KDE Menu or right click on
the desktop and choose "Lock Screen" or enable the "Lock/Logout Applet"
in the KDE Kicker bar and choose the padlock button.

Attached is a sysreport from my machine: this just happened to me a few
days ago.

It is very rare, so this is going to be tough to troubleshoot.  I suspect
we're going to have to do something like an strace on the kdesktop process
when a machine gets wedged into this state and hope that tells us
something.  The kdesktop process is what's responsible for launching
kdesktop_lock which in turn starts the screensaver process.

This has probably been fixed in later versions of KDE, but unfortunately
we're tied to RHEL3 for the moment since that's what the EDA vendors


This event sent from IssueTracker by alanm
 issue 81430

Comment 36 Issue Tracker 2006-01-18 15:54:27 UTC
From User-Agent: XML-RPC

Just posting this in the hopes that it will help.  I'm not sure if this
got lost in all the updates to this ticket or not.  I used to run into this
issue frequently in RHEL 3 on my laptop and the only way to resolve it was
to kill the kde desktop locking process.  Since I've upgraded to RHEL 4
I've *never* seen this happen.  Evidently something was fixed between 3.2
and 3.3 (if I have the version numbers correct, but you get the point).  I
did try to see, from KDE's bugzilla where this might have been fixed but
had no luck.  I'm willing to try that again if someone can give me an idea
of what I need to be looking for.

This event sent from IssueTracker by dmair
 issue 81430

Comment 41 Ngo Than 2006-03-07 12:44:47 UTC
I can now reproduce this problem on my test machine. The problem is that a 
kdesktop_lock process is running without the screensaver running.  
I have found a way to reproduce this: set the screensaver trigger to 
something like one minute. In the screensaver kcm, "Test" another screensaver
and allow it to run for long enough for kdesktop to execute kdesktop_lock to 
start the normal screensaver. The result is that the kdesktop_lock keeps 
running in the background, waiting for something to happen, without 
terminating properly. 
I have built a new kdebase-3.1.3-5.10, which should resolve this problem. You
can find kdebase-3.1.3-5.10.i386.rpm, kdebase-devel-3.1.3-5.10.i386.rpm
on porkchop:/home/devel/than/ 
Could you please verify this fix? Thanks 
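
A check for the wedged state described in comment 41, as an added example that is not part of the bug report or of the kdebase fix: it flags any kdesktop_lock process that has no child. It assumes the locker appears in ps as kdesktop_lock and that the screensaver runs as its child; SAMPLE_PS and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the bug report): find kdesktop_lock processes
# that have no child process.
# Assumptions: the locker shows up in ps as "kdesktop_lock" and the
# screensaver it starts is its child process.

# Constructed sample of "PID PPID COMMAND" rows; "saver.kss" is a made-up
# screensaver name. PID 1310 is a healthy lock, PID 2310 is wedged.
SAMPLE_PS='1200 1 kdesktop
1310 1200 kdesktop_lock
1311 1310 saver.kss
2200 1 kdesktop
2310 2200 kdesktop_lock'

# Reads "PID PPID COMMAND" rows on stdin and prints the PID of every
# kdesktop_lock process that is not the parent of any other process.
find_wedged_locks() {
    awk '
        { pid[NR] = $1; comm[NR] = $3; has_child[$2] = 1 }
        END {
            for (i = 1; i <= NR; i++)
                if (comm[i] == "kdesktop_lock" && !(pid[i] in has_child))
                    print pid[i]
        }'
}

# Prints the PIDs present in both whitespace-separated lists $1 and $2.
in_both() {
    for p in $1; do
        for q in $2; do
            [ "$p" = "$q" ] && echo "$p"
        done
    done
    return 0
}

# Takes two live snapshots ${1:-5} seconds apart and reports only locks
# that are childless in both, so a lock that is just starting its
# screensaver is not flagged.
check_live() {
    first=$(ps -e -o pid= -o ppid= -o comm= | find_wedged_locks)
    sleep "${1:-5}"
    second=$(ps -e -o pid= -o ppid= -o comm= | find_wedged_locks)
    in_both "$first" "$second"
}

# Run the live check only when asked: sh check_lock.sh --live [seconds]
if [ "${1:-}" = "--live" ]; then check_live "${2:-5}"; fi
```

Any PID it prints identifies a session where a lock request may silently do nothing, which is the condition the errata addresses.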

Comment 56 Mark J. Cox 2006-06-29 07:42:49 UTC
I support an immediate async security errata for this issue as it "breaks a
security promise".  Note that we'd need packages that just contain the fix for
this issue with no additional bug fixes.  Will this also happen on RHEL2.1?

Comment 58 Ngo Than 2006-06-29 13:29:23 UTC
It only happens on RHEL3.

Comment 66 Mark J. Cox 2006-07-25 11:58:43 UTC
Removing embargo.

Comment 67 Red Hat Bugzilla 2006-07-25 12:25:34 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

