X.Org debug option makes screensaver locks vulnerable

X.Org, which many Linux distributions use as their display server, contains a remarkable vulnerability. A password-protected screensaver can easily be circumvented with a key combination.

A blog post on a French site shows that in X.Org 1.11 and later a debug option is suddenly turned on by default. The option makes it possible to close programs that 'grab' the mouse and keyboard, and was built for testing purposes. It is unclear why the option is suddenly turned on by default, but it is certain that this has unwanted consequences.

Much screensaver software on Linux works by running an application full screen and grabbing all incoming keyboard and mouse events. When movement is detected, the screensaver software does one of two things: it immediately shows the desktop or, if the screensaver is configured to do so, makes the user type a password.

The latter goes wrong when the debug option is enabled. Pressing ctrl+alt+f10 renders all active grabs harmless, and pressing ctrl+alt+f11 closes all programs that claim the mouse or the keyboard. This also includes the screensaver if it is enabled.

In practice, the screensaver with which someone has secured their computer can therefore be easily circumvented. The computer must be physically accessible and switched on, but in office or school environments, for example, the 'vulnerability' can pose a problem.

Linux fan site Phoronix has been able to reproduce the vulnerability. Among others, upcoming versions of Ubuntu, Debian, Arch Linux and Gentoo would be vulnerable. The new releases of the desktop environments Gnome and KDE already contain the software. Many Linux distributions do plan to exchange X.Org for the new display server Wayland, but that transition has not yet been made.

