When switching from one logged in user to another, I'm having the Global Menu title from the previous user displayed after logging into the new user.
This happens under both of these situations:
Both User A and User B are logged in at the same time.
User A most recently used the computer and the screensaver locked the desktop.
User B selects "Switch User" in the unlock dialog and logs in as themself.
... or ...
Both User A and User B are logged in at the same time.
User A's session is unlocked and User B's account is selected from the "Switch User Account" dropdown at the upper right of the screen.
In either scenario, after User B enters their password, the Global Menu title at the top of the screen from User A's session is displayed at the top of User B's display until an event such as moving the mouse around causes the menu bar to be redrawn.
http://lonelyrhinoceros.com/unity-info-leak.m4v is a video demonstrating the problem.
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: unity 4.24.0-0ubuntu2b1
ProcVersionSignature: Ubuntu 3.0.0-13.22-generic 3.0.6
Uname: Linux 3.0.0-13-generic x86_64
NonfreeKernelModules: nvidia
.proc.driver.nvidia.gpus.0: Error: [Errno 21] Is a directory: '/proc/driver/nvidia/gpus/0'
.proc.driver.nvidia.registry: Binary: ""
.proc.driver.nvidia.version:
NVRM version: NVIDIA UNIX x86_64 Kernel Module 280.13 Wed Jul 27 16:53:56 PDT 2011
GCC version: gcc version 4.6.1 (Ubuntu/Linaro 4.6.1-9ubuntu3)
.tmp.unity.support.test.0:
ApportVersion: 1.23-0ubuntu4
Architecture: amd64
CompizPlugins: [core,bailer,detection,composite,opengl,compiztoolbox,decor,snap,place,resize,imgpng,unitymtgrabhandles,regex,move,grid,gnomecompat,vpswitch,session,mousepoll,wall,animation,workarounds,expo,fade,ezoom,scale,unityshell]
CompositorRunning: compiz
Date: Tue Dec 6 22:05:37 2011
DistUpgraded: Log time: 2011-10-15 19:58:38.552557
DistroCodename: oneiric
DistroVariant: ubuntu
GraphicsCard:
nVidia Corporation GF104 [GeForce GTX 460] [10de:0e22] (rev a1) (prog-if 00 [VGA controller])
Subsystem: Micro-Star International Co., Ltd. N460GTX Cyclone 1GD5/OC [1462:2322]
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110427.1)
JockeyStatus:
xorg:nvidia_current - NVIDIA accelerated graphics driver (Proprietary, Enabled, In use)
xorg:nvidia_current_updates - NVIDIA accelerated graphics driver (post-release updates) (Proprietary, Disabled, Not in use)
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.0.0-13-generic root=UUID=62aeddc6-25b5-4c14-a18d-140c7746fd7c ro quiet splash vt.handoff=7
SourcePackage: unity
UpgradeStatus: Upgraded to oneiric on 2011-10-16 (52 days ago)
XorgConf:
Section "Device"
Identifier "Default Device"
Option "NoLogo" "True"
EndSection
dmi.bios.date: 02/10/2011
dmi.bios.vendor: Intel Corp.
dmi.bios.version: BGP6710J.86A.1900.2011.0210.1012
dmi.board.asset.tag: Base Board Asset Tag
dmi.board.name: DP67BG
dmi.board.vendor: Intel Corporation
dmi.board.version: AAG10491-305
dmi.chassis.type: 3
dmi.modalias: dmi:bvnIntelCorp.:bvrBGP6710J.86A.1900.2011.0210.1012:bd02/10/2011:svn:pn:pvr:rvnIntelCorporation:rnDP67BG:rvrAAG10491-305:cvn:ct3:cvr:
version.compiz: compiz 1:0.9.6+bzr20110929-0ubuntu6
version.ia32-libs: ia32-libs 20090808ubuntu26
version.libdrm2: libdrm2 2.4.26-1ubuntu1
version.libgl1-mesa-dri: libgl1-mesa-dri 7.11-0ubuntu3
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 7.11-0ubuntu3
version.nvidia-graphics-drivers: nvidia-graphics-drivers N/A
version.xserver-xorg: xserver-xorg 1:7.6+7ubuntu7
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.6.0-1ubuntu13
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:6.14.99~git20110811.g93fc084-0ubuntu1
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.15.901-1ubuntu2.1
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:0.0.16+git20110411+8378443-1
The information leakage may be very limited in scope, but it's certainly a security vulnerability.