Fwd: Screensaver should lock screen BEFORE entering sleep.

[pww]

Folks,

While I've filed a bug report in Launchpad on this
(https://launchpad.net/distros/ubuntu/+source/acpi/+bug/31892), I
thought it would be worthwhile discussing on the lists because it's an
open question as to whether this is a bug report or a feature request
(hey, I filed the report and I'm of two minds about it).

What should the default behavior be?

Current behavior is: When resuming from sleep/hibernate (suspend to
RAM/disk), there is a brief delay before the screensaver locks the
screen and keyboard.

This is because the ACPI scripts invoke the screensaver in the resume
scripts, not in the sleep or hibernate scripts. I can understand this,
because then the lock call is made only once, and the logic is
simpler.

BUT: There is a possibility that this delay could be exploited by an
attacker. I cannot quantify the possibility, but I'd apply the
precautionary principle: Better to be safe than sorry.

To be on the safe side, the ACPI scripts should invoke the screensaver
and lock the system before entering sleep. This would eliminate (or at
least greatly mitigate) the potential vulnerability.

All thoughts welcomed,

pww
https://wiki.ubuntu.com/PeterWhittaker