Cannot force virtual display with screen sharing on Mountain Lion

Originator: scott
Number: rdar://14400545
Date Originated: 7/10/2013
Status: Open
Resolved:
Product: Mac OS X
Product Version: 10.8.4
Classification: Security
Reproducible: Always
 
10-Jul-2013 06:53 AM J. Scott Houchin:
Summary:

When connecting to a Mountain Lion system, there is no way to force use of a virtual display. This is a security issue, particularly now that Mac OS X does support virtual displays, in that when I connect to a remote system, whatever I do remotely is now visible on the physical display of the remote system, and that system is now also unlocked so that a passerby could control the system, potentially unnoticed by me if the screen sharing window is hidden or not frontmost on the system from which I'm connecting.

Even in cases where you might expect Mac OS X to give me a virtual display, I am still connected to the physical display. For example, I log into the remote system as UserA. I then trigger the lock screen. 

I then go to a remote system and connect as UserB. UserB takes over the physical display, even though UserA was logged in.

In a home environment, this might not be a big deal. It's a serious problem (and in many cases a security violation) in the corporate environment.

Steps to Reproduce:

Connect to a remote Mac OS X system as UserB when UserA is logged into the physical system and the system is at the lock screen. Or just connect to a remote system as UserB when no user is logged in.

A VNC password is not currently set for either screen sharing or remote management.

Expected Results:

I should be given a virtual display (due to a preference set on the remote system), not based on client choice.

Actual Results:

I am given access to the physical display.

Regression:

I am connecting from a 10.6.8 system. Only if UserA is at an active screen (normal desktop, not at the lock screen) am I given a virtual display.
 
Notes:
