Just checked on 16, and it looks like this has been corrected. Behavior now is that it displays a spash screen on every monitor saying that the session it locked and I will be redirected shortly, then I get the lock screen on all displays.
I'd say this can be closed. On 8/25/18 4:15 AM, Theo Linkspfeifer wrote: > Now almost three years and several versions later is this security issue > still present when using a multi monitor setup? > > ** Changed in: light-locker (Ubuntu) > Status: Triaged => Incomplete > -- ------------------------------------------------------------ Nathan Neulinger nn...@neulinger.org Neulinger Consulting (573) 612-1412 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1515662 Title: Major security issue with light-locker - console switching gives access to other screens for a few seconds Status in light-locker package in Ubuntu: Incomplete Status in lightdm package in Ubuntu: Invalid Bug description: light-locker is completely insecure for X configurations with multiple screens that are not using a single display. My setup - 4 monitors, nvidia, each with separate screen. If I lock screen and then control-alt-f7 back to X, only one single screen is protected. After several seconds, it forces a switch to the lock display, but in the mean time, the other three screens are COMPLETELY UNPROTECTED. It only takes a few seconds to launch a terminal and killall light- locker and I have unrestricted access to all. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/light-locker/+bug/1515662/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
