Keyboard shortcut works even when the screen is locked

Bug #145123 reported by Jens Askengren
Affects                      Status         Importance   Assigned to    Milestone
GNOME Screensaver            Unknown        Medium
compiz (Ubuntu)              Invalid        Undecided    Unassigned
  Gutsy                      Fix Released   Undecided    Unassigned
  Hardy                      Invalid        Undecided    Unassigned
gnome-screensaver (Ubuntu)   Fix Released   High         Michael Vogt
  Gutsy                      Fix Released   High         Michael Vogt
  Hardy                      Fix Released   High         Michael Vogt

Bug Description

Binary package hint: compiz

Compiz keyboard shortcuts continue to work even when the screen is locked.

You can view the currently logged in user's windows by pressing alt+tab when the screen is locked.
It's even possible to type text into a focused window for a short period of time.
For example, bring up the run dialog with Alt+f2 and type a command.

Reproducible on Ubuntu Gutsy beta 26 Sep 2007.

Travis Watkins (amaranth) wrote :

This is fixed with the latest compiz.

Changed in compiz:
status: New → Fix Released
Kees Cook (kees) wrote :

This is not fixed in Gutsy. Travis, do you know what patch is needed to get this fixed for Gutsy in a post-release security update?

Changed in compiz:
importance: Undecided → High
status: Fix Released → Confirmed
Michael Vogt (mvo) wrote :

It looks like gnome-screensaver loses its lock when the screensaver window gets unredirected by compiz.

Kees Cook (kees)
Changed in compiz:
status: New → Invalid
Michael Vogt (mvo) wrote :

When compiz finds a fullscreen window, it calls "XCompositeUnredirectWindow()" on it. This has side effects that confuse gnome-screensaver's lock dialog. It assumes it has the keyboard grab already, when in fact it does not have it:

[gs_grab_move_keyboard] gs-grab-x11.c:324 (00:41:01): Window 2200024 is already grabbed, skipping
[gs_grab_move_mouse] gs-grab-x11.c:264 (00:41:01): Window 2200024 is already grabbed, skipping

The proposed fix changes this so that it will always (re)grab the keyboard.

This change needs to be tested as widely as possible before we publish it.
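
The stale-grab condition described in the comment above, as an added example that is not part of the original bug thread or of gnome-screensaver's code. It is a toy C model (no Xlib): every type and function name is hypothetical, and the server is assumed to drop the grab on unredirect, as the thread reports.

```c
#include <stdbool.h>
#include <stdio.h>
/* Toy model (not Xlib): the "server" holds the authoritative grab owner,
 * the locker keeps its own cached copy. All names are hypothetical. */
typedef unsigned long win_t;

struct server { win_t kbd_owner; };   /* 0 = nobody holds the keyboard grab */
struct locker { win_t cached_grab; }; /* what the locker believes it holds */

static bool server_grab(struct server *s, win_t w) {
    s->kbd_owner = w;                 /* modelled as always succeeding */
    return true;
}

/* Assumed side effect: unredirecting drops the grab; the locker is not told. */
static void server_unredirect(struct server *s, win_t w) {
    if (s->kbd_owner == w) s->kbd_owner = 0;
}

/* Pre-patch behaviour: trust the cache ("already grabbed, skipping"). */
static bool move_keyboard_cached(struct locker *l, struct server *s, win_t w) {
    if (l->cached_grab == w) return true;   /* no request reaches the server */
    if (!server_grab(s, w)) return false;
    l->cached_grab = w;
    return true;
}

/* Behaviour of the proposed fix: always (re)grab, then record the result. */
static bool move_keyboard_always(struct locker *l, struct server *s, win_t w) {
    bool ok = server_grab(s, w);
    l->cached_grab = ok ? w : 0;
    return ok;
}

/* True if the lock window owns the keyboard after grab -> unredirect -> move. */
static bool lock_holds_keyboard(bool always_regrab) {
    struct server s = {0};
    struct locker l = {0};
    const win_t lock_win = 0x2200024;        /* constructed window id */
    move_keyboard_cached(&l, &s, lock_win);  /* initial grab when locking */
    server_unredirect(&s, lock_win);         /* compositor unredirects it */
    if (always_regrab) move_keyboard_always(&l, &s, lock_win);
    else               move_keyboard_cached(&l, &s, lock_win);
    return s.kbd_owner == lock_win;
}

int main(void) {
    printf("cached=%d always=%d\n", lock_holds_keyboard(false), lock_holds_keyboard(true));
    return 0;
}
```

With the cached check the locker reports success while the server-side owner is empty, which is the state the two "already grabbed, skipping" log lines reflect.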

Travis Watkins (amaranth) wrote :

This fixes the problem for me and does not cause any problem with metacity or unredirect disabled.

Brian Murray (brian-murray) wrote :

I applied the patch to gnome-screensaver-2.20.0-0ubuntu4 and was no longer able to use keyboard shortcuts to affect applications or launch them.

Kees Cook (kees) wrote :

I can confirm the changes work under metacity for me too.

Changed in gnome-screensaver:
assignee: nobody → keescook
status: Confirmed → Fix Committed
assignee: nobody → mvo
status: Confirmed → In Progress
Michael Vogt (mvo) wrote :

I uploaded the fix to gutsy-proposed now, if it is good there and there are no regressions it should go to -security.

Jamie Strandboge (jdstrand) wrote :

I couldn't find the package in -proposed, but built from the debdiff. The changes work fine for me under metacity.

Changed in gnome-screensaver:
status: Unknown → New
Brian Murray (brian-murray) wrote :

gnome-screensaver (2.20.0-0ubuntu4.2) gutsy-security; urgency=low

  * SECURITY UPDATE: screen lock bypass via shortcuts when compiz running.
  * Add debian/patches/05_locking_for_compiz.patch: patch for lock dialog for
    when Compiz is enabled from Michael Vogt (LP: #145123).
  * References
    https://launchpad.net/bugs/145123

 -- Brian Murray <email address hidden> Thu, 18 Oct 2007 13:00:47 -0700

Changed in gnome-screensaver:
status: Fix Committed → Fix Released
Shimmy (ramsom) wrote :

Before the patch, I was able to press alt+f2 and type "killall -9 gnome-screensaver" and voila, the desktop appeared!
After the patch though, this is not possible anymore.

John Dong (jdong) wrote :

2.20.0-0ubuntu4.2 still possesses this problem for me on fglrx 8.42.3, AIGLX, Compiz (apart from fglrx, no unofficial stuff)

Lock screen, I can still alt-tab and see the running windows.

I am unsure if this is an fglrx bug, but somehow I don't think so.

John Dong (jdong) wrote :

UPDATE: It only seems to work when freshly logged in, lock screen, then ALT+TAB without triggering the lock screen dialog. After unlocking once, further relocking does not allow the escape. It seems to be a fix, but still with some fringe cases unresolved?

John Dong (jdong) wrote :

After talking to Travis a bit, this is probably a fglrx 8.42 bug.... Just to make sure, I'll provide my steps to reproduce; if nobody else can reproduce it then please ignore me :)

(1) Lock screen
(2) Note that alt+tab doesn't work, and gnome-screensaver's dialog has the focus
(3) Hold down super, and scroll (as if trying to zoom in)
(4) You'll notice gnome-screensaver loses focus and zooming actually works
(5) ALT+F2 and killall gnome-screensaver

Brian Murray (brian-murray) wrote :

Using the steps outlined by John Dong I was able to bypass gnome-screensaver version 2.20.0-0ubuntu4.2 with the -intel xorg driver so it seems not to be specific to the fglrx driver.

Changed in gnome-screensaver:
assignee: keescook → mvo
status: Fix Released → Triaged
CypherDelic (maik-masling) wrote :

Distribution: Ubuntu 8.04 (HardyHeron) PreAlpha
Kernel: 2.6.22-14-AMD64
Gnome-Screensaver: 2.20.0-0ubuntu4.2

Since I don't use Ubuntu-Effects, but Compiz-Fusion from actual GIT, I cannot reproduce gnome-screensaver's behaviour by the steps of John Dong. The key combination SUPER+SCROLLWHEEL (ZOOM) doesn't make the gnome-screensaver's dialog lose its focus and I cannot hit ALT+F2 to kill it. Maybe it's a bug in Ubuntu-Compiz-Stable (I call it Ubuntu-Effects). Nice, thanks for a new Ubuntu-Gutsy-Screen-Lock-Hack, John Dong (just making fun of it) :D

Michael Vogt (mvo) wrote :

The problem is that grabs get lost when XCompositeUnredirectWindow is called. We can either prevent this by explicitly excluding gnome-screensaver or by rewriting the code so that compiz does not redirect by default but checks first if the window is a fullscreen window and on top of the stack. The latter option is the better fix but requires more careful review and testing.

@CypherDelic: could you please try to use ezoom instead of zoom (our default) and see if you can reproduce the problem?

Oliver Grawert (ogra) wrote :

That should probably include xscreensaver as well (xubuntu users might use compiz etc.)

Michael Vogt (mvo) wrote :

@ogra: I was not able to reproduce this problem with xscreensaver. It seems to be more robust against this sort of problem.

CypherDelic (maik-masling) wrote :

@Michael Vogt:

I had Zoom AND enhanced Zoom activated, but even if I disable Zoom and stay on eZoom and restart Fusion I can't manage to phreak gnome-screensaver. No Bug for me! But as I said, I completely uninstalled all compiz repositories from ubuntu and installed compiz master from GIT. Gnome-screensaver screenlock works fine for me.

Michael Vogt (mvo) wrote :
Kees Cook (kees) wrote :

Does the new method to bypass the screensaver affect x-screensaver? If so, perhaps the fix could be made to test for "*-screensaver".

Antoine Amarilli (a3nm) wrote :

Confirming that John Dong's method to bypass screen locking works for me using nvidia-glx-new drivers.

Brian Murray (brian-murray) wrote :

I applied the debdiff to compiz version compiz_0.6.0+git20071008-0ubuntu2 and was no longer able to bypass gnome-screensaver.

Brian Murray (brian-murray) wrote :

In regards to x-screensaver there is no way, that I could find, to leave the password entry field. Additionally, the zoom plugin does not work with x-screensaver.

Josh Headapohl (joshhead) wrote :

I just noticed today that I could zoom in when the screen was locked, and then suddenly realized my Amarok shortcuts were working. Since reading these comments, I realize I can also type a command into a run dialog while the screen is locked. Just zoom in, and shortcuts start working. Ubuntu Gutsy with gnome-screensaver 2.20.0-0ubuntu4.2 and compiz 1:0.6.0+git20071008-0ubuntu1.

Michael Vogt (mvo) wrote :

compiz (1:0.6.0+git20071008-0ubuntu1.1) gutsy-security; urgency=low

  * SECURITY UPDATE: gnome-screensaver can still lose focus in compiz.
  * debian/patches/030_fix_screensaver: Never unredirect the
    gnome-screensaver to avoid that is loses its keyboard grab
    (LP: #145123).
  * References
    CVE-2007-3920

 -- Michael Vogt <email address hidden> Sat, 27 Oct 2007 12:01:24 -0400

Changed in compiz:
status: Invalid → Fix Released
Martin Pitt (pitti) wrote :

gnome-screensaver (2.20.0-0ubuntu4.2) gutsy-security; urgency=low

  * SECURITY UPDATE: screen lock bypass via shortcuts when compiz running.
  * Add debian/patches/05_locking_for_compiz.patch: patch for lock dialog for
    when Compiz is enabled from Michael Vogt (LP: #145123).
  * References
    https://launchpad.net/bugs/145123

 -- Brian Murray <email address hidden> Thu, 18 Oct 2007 13:00:47 -0700

Changed in gnome-screensaver:
status: Triaged → Fix Released
Kees Cook (kees) wrote :

compiz (1:0.6.2+git20071018-0ubuntu2) hardy; urgency=low

  * debian/patches/030_fix_screensaver:
    - never unredirect the gnome-screensaver window to prevent
      breaking the keyboard grab (#145123)

 -- Michael Vogt <email address hidden> Mon, 29 Oct 2007 12:57:25 -0400

Changed in gnome-screensaver:
status: In Progress → Fix Released
Changed in gnome-screensaver:
status: New → Invalid
Changed in gnome-screensaver:
importance: Unknown → Medium
status: Invalid → Unknown
This report contains Public Security information  
Everyone can see this security related information.
