Re: 3.6 Feature: Lock Screen

[Bastien Nocera <hadess hadess net>]

On Thu, 2012-04-26 at 19:00 -0400, Jasper St. Pierre wrote:
> On Thu, Apr 26, 2012 at 6:41 PM, Tomas Frydrych
> <tf+lists gnome r-finger com> wrote:
> > Hi,
> >
> > On 25/04/12 23:38, Marina Zhurakhinskaya wrote:
> >> Technically, the code for fading out the screen and displaying the
> >> lock screen when the user becomes active again will be added to GNOME
> >> Shell, and the gnome-screensaver will no longer be used.
> >
> > There are security implications of this proposed change. In the event
> > the Shell crashes, you cannot make any assumptions, and therefore any
> > guarantees, about how much of the state will be recovered, and hence
> > that lock will not be compromised. Even if the Shell does restart
> > successfully, the content of the desktop is visible for the time it
> > takes the Shell to restart, which is by no means negligible.
> >
> > Considering how often Mutter crashes (I see about 3-4 crashes an hour),
> 
> Bug references? We should not be crashing 3-4 times per hour.

Whether or not it crashes isn't the point, the screensaver should be
built in such a way that it crashing doesn't reveal the actual desktop.
gnome-screensaver is split in 2 programs for that:
- gnome-screensaver, which blocks the screen
- gnome-screensaver-dialog which shows the dialog, and drives the pam
conversations

the -dialog can crash all it wants, it won't actually unlock the screen.

> > the WM is a completely unsuitable process to be endowed with any
> > security responsibilities. I think the screen lock needs to remain a
> > separate process with a singular focus rather yet another thing for the
> > WM to deal with.

In any case, Marina and Giovanni are going to be working on it, and I'm
sure they'll be asking Ray for help, who already knows this all too
well.

Cheers