I found out about this just yesterday. If a user is logged in on a different terminal, they can kill a locked gnome-screensaver and have free reign of the desktop.
Granted, leaving oneself logged in on multiple tty's is bad practice in itself, but there should be something that prevents the killing of gnome-screensaver. That being said, how is a security loophole like this only a 'Wishlist' item? -- killing the screensaver gives access https://bugs.launchpad.net/bugs/446218 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-screensaver in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
