Ivan Jager
2010-Aug-28 19:10 UTC
[Secure-testing-team] Bug#594728: xscreensaver crashes leaving screen unlocked
Package: xscreensaver
Version: 5.11-1
Severity: grave
Tags: security
Justification: user security hole
xscreensaver ocasionally crashes leaving my desktop unlocked. I''m not
sure how to reproduce it other than just using xscreensaver normally
for like a week. I''m also not sure whether it happens while locking
the screen or shortly after. It''s happened to me 4 times now, and
seems to be most common when I lock my screen and come back a few
minutes later, which seems to indicate it is something that happens
per screen locking rather than by the amount of time elapsed.
Anyways, after the previous crash I tried running it in a terminal so
I could see any output. Today it crashed again around 14:45. Here is
what it printed:
xscreensaver: 18:36:48: authentication via PAM timed out.
xscreensaver: 19:25:22: authentication via PAM timed out.
xscreensaver: 23:10:17: authentication via PAM timed out.
xscreensaver: 20:03:22: authentication via PAM timed out.
xscreensaver: 20:29:50: authentication via PAM timed out.
xscreensaver: 07:02:40: 0: child pid 16903 (<unknown>) exited abnormally
(code 1).
XIO: fatal IO error 10 (No child processes) on X server ":0.0"
after 595760 requests (595736 known processed) with 1 events remaining.
I will try running it again with -sync (and try to remember to check
that it locks when I lock my screen). Is there anything else I should do
to figure out what''s going on?
Thanks,
Ivan
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, ''testing''), (500,
''unstable'')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Versions of packages xscreensaver depends on:
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
ii libcairo2 1.8.10-4 The Cairo 2D vector graphics libra
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.2-1 FreeType 2 font engine, shared lib
ii libglade2-0 1:2.6.4-1 library to load .glade files at ru
ii libglib2.0-0 2.24.1-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-1 The GTK+ graphical user interface
ii libice6 2:1.0.6-1 X11 Inter-Client Exchange library
ii libpam0g 1.1.1-4 Pluggable Authentication Modules l
ii libpango1.0-0 1.28.1-1 Layout and rendering of internatio
ii libsm6 2:1.1.1-1 X11 Session Management library
ii libx11-6 2:1.3.3-3 X11 client-side library
ii libxext6 2:1.1.2-1 X11 miscellaneous extension librar
ii libxinerama1 2:1.1-3 X11 Xinerama extension library
ii libxml2 2.7.7.dfsg-4 GNOME XML library
ii libxmu6 2:1.0.5-1 X11 miscellaneous utility library
ii libxpm4 1:3.5.8-1 X11 pixmap library
ii libxrandr2 2:1.3.0-3 X11 RandR extension library
pn libxrender1 <none> (no description available)
ii libxt6 1:1.0.7-1 X11 toolkit intrinsics library
ii libxxf86vm1 1:1.1.0-2 X11 XFree86 video mode extension l
ii xscreensaver-data 5.11-1 data files to be shared among scre
Versions of packages xscreensaver recommends:
ii libjpeg-progs 8b-1 Programs for manipulating JPEG fil
pn perl5 <none> (no description available)
ii wamerican [wordlist] 6-3 American English dictionary words
ii xli 1.17.0+20061110-3 command line tool for viewing imag
Versions of packages xscreensaver suggests:
ii epiphany-browser [www-brows 2.30.2-3 Intuitive GNOME web browser
pn fortune <none> (no description available)
ii galeon [www-browser] 2.0.7-2.1+b1 GNOME web browser for advanced use
ii lynx-cur [www-browser] 2.8.8dev.4-2 Text-mode WWW Browser with NLS sup
ii midori [www-browser] 0.2.4-3 fast, lightweight graphical web br
pn qcam | streamer <none> (no description available)
pn xdaliclock <none> (no description available)
pn xfishtank <none> (no description available)
pn xscreensaver-gl <none> (no description available)
-- no debconf information