SDDM security issue: I can see the session briefly for some time before unlocking

I am using Manjaro 20.2.1 with KDE 5.79.0 / Plasma 5.21.1 on HP 15-bs164TU laptop. After I open the lid, I can see my previous session desktop and windows briefly for some time before the login screen appears. I had this issue on previous versions of Manjaro KDE as well. I think this is a serious security issue.

Settings>Power Management>Energy Saving>“ButtonEventsHandling” - When Laptop Lid Closed defaults to “turn off screen”. Change that to “sleep” or “lock” or whatever you need. Then retry your issue.

FYI, that’s not the login screen but the Plasma screen locker ─ they do look similar and people often get the two mixed up, but they are very distinct. Just think about it: if it were the login screen, then there would be no session to display, because you wouldn’t be logged in yet.

Now, given the above, one could then also posit whether there really is a security issue. The screen locker becomes active as soon as it is invoked, but when you’re waking up the system from hibernation ─ which in essence is something UNIX was never designed for ─ then there are race conditions and process dependencies to be met, and then it is indeed possible that you might see the session for a moment before the screen gets locked.

If you do not want this to happen, then I suggest you would log out before suspending/hibernating the machine. :man_shrugging:

Thanks for pointing out the difference between login screen and plasma locker. On a side note, that might explain why the plasma screen locker is scaled properly according to the screen dpi but the login screen is not.

Regarding the logging out before sleeping, as you might be already aware, the problem is that logging in takes time while unlocking is fast.

Unlocking is fast, because the session is already loaded.
If you want the lockscreen to not have this race-condition, you need to raise an issue with the kde developers, probably via

1 Like

It was already set to “sleep”.

Done. 433893 – SDDM security issue: I can see the session briefly for some time before unlocking

And a similar bug already existed. So yours is already closed.

Follow 316734 – The desktop gets displayed for couple seconds after waking the system. for any development on this bug.