Hi,
I have just experienced a pretty severe security issue. I am running Leap 42.1 with KDE Plasma and today is the first time I have experienced this.
Basically, after locking the screen, I am able to unlock it again without supplying the password if I close and then open the lid.
Not entirely sure when this was introduced and it does not appear to be the case on all computers. A friend of mine is also running the same setup and he does not have this flaw.
Everything OK in the land of Gnome (just to help track down the issue).
Closing the lid puts the laptop on “suspend to RAM”, both with screen-lock enabled or not.
Opening the lid the system “awakens” with lock-screen enabled, even if screen-lock was off on closing the lid.
Hi
I disable via /etc/systemd/logind.conf and HandleLidSwitch=ignore, but screen lock still works in Gnome…
@aptushana, no modifications made to /etc/systemd/logind.conf?
Nope, no modifications to logind.conf.
I tried to film the behaviour to show it in action. Sorry for the crappy “filming a screen” effect.
[video=vimeo;152798671]https://vimeo.com/152798671[/video]
Hi
Sounds like a bug, so in the configuration settings there isn’t any settings for lock screen, or maybe sddm (login manager)?
What are the sleep setting? Closing the lid often triggers sleep which may be set not to require a password
@gogalthorp The lid action is set to “Do nothing” specifically to stop it from going into sleep mode when closing the lid.
@malcolmlewis in the SDDM settings in the KDE settings menu, auto-login is disabled which I assume is what would normally cause you to not need to enter your password if enabled.
Not entirely sure why the sleep settings would interfere with the lock screen though even if sleeping didn’t require you to enter your password on awakening. It can’t be the intended behaviour that the sleep settings would bypass the lock screen on an already locked computer?
Also not entirely sure if this issue even lies in OpenSUSE or if it in the domain of KDE5 Plasma heh.