Re: cinnamon-screensaver lock bypass (tested on Fedora 20)

[Murray McAllister <mmcallis () redhat com>]

On 02/12/2014 08:48 PM, Clemens Fries wrote:
> Hello,
>
> It is possible to circumvent the screen lock on a cinnamon session under Fedora
> 20 using the 'Menu' key on a keyboard. I'm posting this here, because I assume
> that this is not limited to the version shipped with Fedora.
>
> Steps to reproduce:
>
> * Start cinnamon session
> * Lock the screen (Ctrl+Alt+L)
> * Press the 'Menu' key on the keyboard
> * A menu appears for a brief moment
> * Press 'Escape'
> * Focus is now beneath the screensaver
> * Press Alt+F2
> * Start 'gnome-terminal'
> * Type 'killall cinnamon-screensaver'
>
> Seen on a fully patched Fedora 20 (February 12th, 2014). I had a brief look at
> bugzilla.redhat.com, but it seems this has not been reported. I also tested
> this on a second machine with the same outcome.

Thanks for report and testing! Filed 
https://bugzilla.redhat.com/show_bug.cgi?id=1064695 for this issue.

Cheers,

--
Murray McAllister / Red Hat Security Response Team