Author Topic: Lock Screen insecure  (Read 6611 times)

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Lock Screen insecure
« Reply #15 on: December 18, 2016, 12:33:29 pm »
Okay reboot to go back to the defaults, and I'll keep digging....

Cheers murraymint :)
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline Partymack711

  • Newly Subscribed
  • *
  • Posts: 12
  • Karma: 0
  • New Forum User
    • View Profile
  • Peppermint version(s): 7
Re: Lock Screen insecure
« Reply #16 on: December 19, 2016, 09:09:12 am »
Thanks for looking into this PCNetspec/

I updated to Raspin yesterday and also jumped to 64bit.  I'll check tonight if this is still happening.

Offline murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 2180
  • Karma: 457
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8, 9
Re: Lock Screen insecure
« Reply #17 on: September 11, 2017, 04:26:34 am »
Confirming that it does screenlock after suspend as default behaviour, and depending on system speed there is a slight delay before the screenlock kicks in.

I resumed from suspend and typed my password immediately. It was entered into a skype chat as plain text before the screenlock came up. Fortunately I was still offline and it wasn't sent. Not exactly ideal though...

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Lock Screen insecure
« Reply #18 on: September 11, 2017, 06:07:26 am »
Possibly not ideal, but if someone has local  access to your PC it's never totally secure anyway .. a screenlock should NEVER be considered part of a computers "security".

If it bothers you, switch to light-locker .. but don't treat that as "secure" either, there is no such thing if someone has local access.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 2180
  • Karma: 457
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8, 9
Re: Lock Screen insecure
« Reply #19 on: September 11, 2017, 06:35:02 am »
It doesn't bother me particularly but I don't understand why it locks after resume, not before suspend. My concern was if the password had been transmitted via Skype, not someone doing things locally in the few seconds' gap.

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Lock Screen insecure
« Reply #20 on: September 11, 2017, 08:28:20 am »
Do you mean hibernate or suspend ?

My machine locks BEFORE going into suspend, but AFTER resuming from hibernate.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Lock Screen insecure
« Reply #21 on: September 11, 2017, 09:00:37 am »
Okay if you want it to lock the screen BEFORE it enters suspend or hibernate, open a terminal and run:
Code: [Select]
sudo pluma /etc/pm/sleep.d/00screenlock-lockwhen a BLANK file opens, make it read:-
Code: [Select]
#!/bin/sh
#
# 00screenlock-lock: apply screenlock on hibernate or suspend

 case "$1" in
   hibernate|suspend)
      loginctl lock-sessions
   ;;
   thaw|resume)
   ;;
   *) exit $NA
   ;;
esac
SAVE the file and exit the text editor.

Now make that file executable by running:
Code: [Select]
sudo chmod +x /etc/pm/sleep.d/00screenlock-lockand now test hibernation and suspend.



To UNDO:
Code: [Select]
sudo rm -v /etc/pm/sleep.d/00screenlock-lock
« Last Edit: September 11, 2017, 10:22:14 am by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline pin

  • Veteran
  • ****
  • Posts: 1838
  • Karma: 280
    • View Profile
Re: Lock Screen insecure
« Reply #22 on: September 11, 2017, 12:20:29 pm »
Sorry guys, but had to test this!

If I suspend from the menu, it takes one or two seconds and it locks.
When coming back IT IS LOCKED, I have to type my password before I can access anything. This is on Peppermint 7 Respin, 64b, vanilla.

I don't really care. I always power-off before leaving my machine.
With such quick boot times, what's the point with suspend? It takes almost the same time as a cold boot [emoji23]

Skickat från min SM-G900F via Tapatalk


Offline murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 2180
  • Karma: 457
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8, 9
Re: Lock Screen insecure
« Reply #23 on: September 11, 2017, 12:33:34 pm »

and now test hibernation and suspend.

I don't ever hibernate so I just tested suspend. It seems slightly better after doing that, but I still have time to type a few characters after resuming before the screenlock can stop me. This is on PM7 respin.

Offline murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 2180
  • Karma: 457
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8, 9
Re: Lock Screen insecure
« Reply #24 on: September 11, 2017, 12:34:27 pm »
what's the point with suspend?
It's much faster than a cold boot and you save power while leaving your work open. Pretty obvious, I'd have thought ;)

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Lock Screen insecure
« Reply #25 on: September 11, 2017, 12:43:10 pm »
I've only tested the above on PM8, but it works for me.

As I said, (on PM8) even without the above tweak my system definitely locks BEFORE going to SUSPEND .. it's only HIBERNATE where it locks after resuming, but the above fixes that.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 2180
  • Karma: 457
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8, 9
Re: Lock Screen insecure
« Reply #26 on: September 11, 2017, 12:46:25 pm »
Might be worth mentioning that this is if I start typing before my monitor lights up.

Edit: I tried rebooting just in case but it seems that fix doesn't do anything on PM7.
« Last Edit: September 11, 2017, 12:55:12 pm by murraymint »

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Lock Screen insecure
« Reply #27 on: September 11, 2017, 12:59:28 pm »
when you go for suspend, do you actually SEE the lock come on before the PC goes to sleep ?
(I do in PM8)

How are you entering suspend ?

And is "Lock screen when system is going for sleep" ticked in the xfce4-power-manager ?
« Last Edit: September 11, 2017, 01:01:01 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 2180
  • Karma: 457
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8, 9
Re: Lock Screen insecure
« Reply #28 on: September 11, 2017, 01:07:56 pm »
when you go for suspend, do you actually SEE the lock come on before the PC goes to sleep ?
(I do in PM8)
No, it pretty much instantly clicks off into suspend state.

Quote
How are you entering suspend ?
Via the Peppermint menu and the logout menu

Quote
And is "Lock screen when system is going for sleep" ticked in the xfce4-power-manager ?
It wasn't but I just did that and nothing changed.

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Lock Screen insecure
« Reply #29 on: September 11, 2017, 01:26:00 pm »
I'll reinstall PM7 tomorrow and see what I can find
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec