Red Hat Bugzilla – Bug 969225
Information disclosure in screenlock and "Classic mode"
Last modified: 2013-06-03 19:17:39 EDT
Description of problem:
When a user has Classic mode activated, the screen lock does not cover the entire screen but allows the bottom bar to be visible. This allows for an outside user to be able to see what processes and activities the locked user had going.
A non-authorized user can interact with items in the bottom menu and also "switch" desktops via the exposed menu. If the application allows for interaction via icon it can be done by a non-authenticated user.
Which version of gnome-classic-session / gnome-shell do you have ?
I think this problem was fixed in 3.8.2
Extensions are disabled when the screen is locked, so this would be a bug in the window-list extension then (e.g. it fails in the disable() method). I'll take a look ...
I have on the system
I am running yum update and will reboot and check to see if it is still the case.
I am closing this bug. I did an update this morning, rebooted the system and then tried to replicate the bug. The problem could not show up again so I am guessing some fix somewhere in the stack for X->GDM->Gnome-Shell->PBKAC
Thank you guys for looking at it and fixing it by doing so :).