Created attachment 690646 [details] screenshot1.jpg Description of problem: New lock screen in FC18 discloses information about what is currently on the screen. This has got impact to security of FC18 desktop because it can lead to disclosure of some confidential information. The way how the image is generated for the slide-over cover for the unlock screen sometimes takes screenshot from the current desktop. This might disclose some unwanted information. Attaching screenshots as examples. When this happens the same screenshot is usually used even when I unlock the screen and lock it again from the status menu or "gnome-screensaver-command -l" Version-Release number of selected component (if applicable): Fedora 18 gnome-shell-3.6.2-6.fc18.x86_64 gdm-3.6.2-5.fc18.x86_64 gnome-screensaver-3.6.1-1.fc18.x86_64 How reproducible: 20% Steps to Reproduce: I am not sure what exactly is THE trigger for this issue to reproduce. Actually the cover of locksreen is sometimes blank and sometimes with background image - hard to say whether it is feature or part of this bug). Manifestation of this bug might have somethin to do with using dual screen, suspend, hibernate, changing power status of connected monitors between lock/unlock, suspend/wake-up. Best success to reproduce I was having with these steps (but I would swear it happened with just simple one-of-many lock screen): 1. reboot 2. login 3. run terminal 4. hibernate 5. wake up Actual results: Cover image which slides over the login screen contains the screenshot from desktop, which might leak some unwanted information. Expected results: I expect that blank screen or pristine background image will be displayed without desktop icons or without screenshot of applications running.
Created attachment 690647 [details] screenshot1a.jpg
Created attachment 690648 [details] screenshot2.jpg
Created attachment 690649 [details] screenshot3.jpg
The method used to generate the shield background seems to be a bit racy. For example, I’ve seen it use a capture of the cross-fade between the login wallpaper and my personal wallpaper before. The same slightly random capture is also used as the faded-out background for the overview, instead of just using the wallpaper. If desktop icons are enabled, sometimes (but not always, ~50% of logins) the icons are also visible in the lock shield, which I regard as a minor security issue. They also look cluttered superimposed behind the overview dash.
Some bugs depend on whether or not Nautilus is managing the desktop; is that the case with this one?
This message is a reminder that Fedora 18 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 18. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '18'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 18's end of life. Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 18 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior to Fedora 18's end of life. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 18 changed to end-of-life (EOL) status on 2014-01-14. Fedora 18 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.