oss-sec mailing list archives

gnome-shell lockscreen bypass with printscreen key


From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Mon, 29 Sep 2014 10:59:23 -0400

hi OSS-security folks--

gnome-shell currently handles the lockscreen for modern versions of gnome.

gnome-shell also handles the "take a screenshot" action, which is mapped
by default to the prtsc key.

the prtsc key is not disabled when the screen is locked.

taking a bunch of screenshots at once bloats gnome-shell to the point
where it's pretty easy to get it targeted by the kernel's oom-killer.

This means that anyone with access to the keyboard of a locked GNOME
session can (briefly) disable the lockscreen, which lets them see and
interact with the running gnome session:

  https://bugzilla.gnome.org/show_bug.cgi?id=737456

It looks like fixes are targeted for GNOME 3.14.1.

Regards,

        --dkg
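
A defender-side check for the failure described above, as an added example that is not part of the original post: it scans kernel log lines for the OOM killer terminating gnome-shell, the event that drops the lock screen. The log lines are constructed samples in the kernel's usual OOM message format, and the watched-process set and function names are assumptions.

```python
import re

# Processes whose death removes the lock screen. gnome-shell comes from the
# post; extending the set to other lockers is an assumption.
WATCHED = {"gnome-shell"}

# Matches "Killed process 2345 (gnome-shell) total-vm:..." and the newer
# "Out of memory: Killed process 2345 (gnome-shell) ..." form. The earlier
# "Kill process ... or sacrifice child" line is deliberately not matched, so
# each kill is reported once.
KILLED = re.compile(
    r"Killed process (?P<pid>\d+) \((?P<comm>[^)]+)\)"
    r"(?:.*?anon-rss:(?P<rss>\d+)kB)?"
)

def find_locker_oom_kills(lines, watched=WATCHED):
    """Return one event dict per OOM kill of a watched process."""
    events = []
    for line in lines:
        m = KILLED.search(line)
        if not m or m.group("comm") not in watched:
            continue
        rss = m.group("rss")  # absent if the log line was truncated
        events.append({
            "pid": int(m.group("pid")),
            "comm": m.group("comm"),
            "anon_rss_mib": int(rss) // 1024 if rss else None,
            "raw": line.strip(),
        })
    return events

# Constructed sample kernel log lines (not taken from the post or the bug).
SAMPLE_LOG = """\
Sep 29 10:41:02 host kernel: Out of memory: Kill process 2345 (gnome-shell) score 912 or sacrifice child
Sep 29 10:41:02 host kernel: Killed process 2345 (gnome-shell) total-vm:9123456kB, anon-rss:7340032kB, file-rss:2048kB
Sep 29 11:05:17 host kernel: Killed process 4100 (firefox) total-vm:3123456kB, anon-rss:2097152kB, file-rss:1024kB
Sep 29 11:30:44 host kernel: Out of memory: Killed process 5120 (gnome-shell) total-vm:8123456kB, anon-rss:6291456kB, file-rss:0kB, shmem-rss:0kB
""".splitlines()

if __name__ == "__main__":
    for ev in find_locker_oom_kills(SAMPLE_LOG):
        print(f"ALERT: {ev['comm']} pid {ev['pid']} OOM-killed "
              f"(anon-rss {ev['anon_rss_mib']} MiB): session may be unlocked")
```

An alert here means the locked session may have been exposed at that timestamp, so it is worth correlating with physical access to the machine.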
