unity retains focus on virtualbox session when locked

Bug #1342903 reported by Jackson McCrea
This bug affects 2 people
Affects          Status    Importance   Assigned to   Milestone
Unity            Invalid   Undecided    Unassigned
unity (Ubuntu)   Invalid   High         Unassigned

Bug Description

While using VirtualBox in fullscreen mode, CTRL + ALT + L leaves focus with the virtual machine. However, this still locks the host's Unity session. This leaves all key events trapped in the virtual machine, so typing in your password becomes impossible. After a reboot all functionality returned.

This could be a potential security hazard, depending on the virtual machine being used, as it allows arbitrary commands to be executed through a locked unity session without any authentication.

lsb_release -rd
    Description: Ubuntu 14.04 LTS
    Release: 14.04

apt-cache policy unity
unity:
  Installed: 7.2.1+14.04.20140513-0ubuntu2
  Candidate: 7.2.1+14.04.20140513-0ubuntu2
  Version table:
 *** 7.2.1+14.04.20140513-0ubuntu2 0
        500 http://ca.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        100 /var/lib/dpkg/status

information type: Private Security → Public
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity (Ubuntu):
status: New → Confirmed
Changed in unity:
status: New → Confirmed
pcworld (pcworld) wrote :

Possibly duplicate of bug 1322769? (Though that one doesn't specifically mention that the entered password is leaked to the VM.)

information type: Public → Public Security
Changed in unity (Ubuntu):
importance: Undecided → High
Alex Baggott (alex-baggott) wrote :

Thank you for taking the time to report this bug. We have tried to recreate this on the latest release of Ubuntu and cannot reproduce it. This bug is being marked as Invalid. If you believe the problem to still exist in the latest version of Ubuntu please comment on why that is the case and change the bug status to NEW.

Changed in unity:
status: Confirmed → Invalid
Changed in unity (Ubuntu):
status: Confirmed → Invalid
This report contains Public Security information  
Everyone can see this security related information.
