2015-01-13 10:44:57 |
Martin Meredith |
bug |
|
|
added bug |
2015-01-13 10:46:58 |
Martin Meredith |
bug task added |
|
xubuntu-meta (Ubuntu) |
|
2015-01-13 10:47:47 |
Martin Meredith |
bug |
|
|
added subscriber Alex Denvir |
2015-01-13 10:48:36 |
Martin Meredith |
xubuntu-meta (Ubuntu): importance |
Undecided |
Critical |
|
2015-01-13 10:52:56 |
Martin Meredith |
bug |
|
|
added subscriber Light-Locker Devs |
2015-01-13 10:53:39 |
Martin Meredith |
bug |
|
|
added subscriber Ubuntu Security Team |
2015-01-13 10:54:11 |
Martin Meredith |
removed subscriber Ubuntu Security Team |
|
|
|
2015-01-13 10:56:04 |
Martin Meredith |
bug |
|
|
added subscriber Ubuntu Security Team |
2015-01-13 11:00:14 |
Simon Steinbeiß |
xubuntu-meta (Ubuntu): status |
New |
Invalid |
|
2015-01-13 11:09:14 |
Martin Meredith |
xubuntu-meta (Ubuntu): status |
Invalid |
Incomplete |
|
2015-01-13 11:11:29 |
Launchpad Janitor |
light-locker (Ubuntu): status |
New |
Confirmed |
|
2015-01-13 11:14:39 |
Simon Steinbeiß |
xubuntu-meta (Ubuntu): status |
Incomplete |
Invalid |
|
2015-01-13 11:18:07 |
Martin Meredith |
xubuntu-meta (Ubuntu): status |
Invalid |
Incomplete |
|
2015-01-13 11:55:42 |
Martin Meredith |
xubuntu-meta (Ubuntu): status |
Incomplete |
Invalid |
|
2015-01-13 11:57:07 |
Martin Meredith |
bug task added |
|
openldap (Ubuntu) |
|
2015-01-13 11:58:08 |
Martin Meredith |
bug task added |
|
policykit-1 (Ubuntu) |
|
2015-01-13 11:58:36 |
Martin Meredith |
information type |
Private Security |
Public Security |
|
2015-01-15 12:10:33 |
Launchpad Janitor |
openldap (Ubuntu): status |
New |
Confirmed |
|
2015-01-15 12:10:33 |
Launchpad Janitor |
policykit-1 (Ubuntu): status |
New |
Confirmed |
|
2015-01-15 21:00:53 |
Alberto Salvia Novella |
openldap (Ubuntu): importance |
Undecided |
Critical |
|
2015-01-15 21:00:57 |
Alberto Salvia Novella |
policykit-1 (Ubuntu): importance |
Undecided |
Critical |
|
2015-01-16 00:12:44 |
Alberto Salvia Novella |
description |
Because of light locker being added to Xubuntu, it's now possible to bypass the screen lock.
light-locker creates a lockscreen on VT8 - however, we can switch back to the original VT using keyboard commands, meaning that we have full access to the user's desktop.
Steps:
Install Xubuntu
Create user with password
Login as that user
Lock screen (xflock4 or ctrl+alt+delete)
Hit Ctrl+alt+f7
Use the system without using a password to unlock.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: light-locker 1.4.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
Uname: Linux 3.13.0-43-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: XFCE
Date: Tue Jan 13 10:34:10 2015
InstallationDate: Installed on 2015-01-06 (6 days ago)
InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2)
ProcEnviron:
LANGUAGE=en_GB:en
PATH=(custom, no user)
LANG=en_GB.UTF-8
SHELL=/bin/zsh
SourcePackage: light-locker
UpgradeStatus: No upgrade log present (probably fresh install) |
HOW TO REPRODUCE:
1. Create an user account with password.
2. Login in the new account using the XFCE desktop environment.
3. Lock the screen.
4. Hit the Ctrl+Alt+F7 key combination.
EXPECTED BEHAVIOUR:
- The user session to be unavailable due to no password being entered.
REAL BEHAVIOUR:
- The session is accessible without entering its password, due to the VT8 being bypassed to the original VT using the Ctrl+Alt+F7 key combination.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: light-locker 1.4.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
Uname: Linux 3.13.0-43-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: XFCE
Date: Tue Jan 13 10:34:10 2015
InstallationDate: Installed on 2015-01-06 (6 days ago)
InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2)
ProcEnviron:
LANGUAGE=en_GB:en
PATH=(custom, no user)
LANG=en_GB.UTF-8
SHELL=/bin/zsh
SourcePackage: light-locker
UpgradeStatus: No upgrade log present (probably fresh install) |
|
2015-01-16 00:14:38 |
Alberto Salvia Novella |
summary |
Able to bypass screen lock. |
Ctrl+Alt+F7 bypasses the lock-screen under XFCE |
|
2015-01-16 00:15:58 |
Alberto Salvia Novella |
bug task added |
|
hundredpapercuts |
|
2015-01-16 00:16:08 |
Alberto Salvia Novella |
hundredpapercuts: status |
New |
Confirmed |
|
2015-01-16 00:16:10 |
Alberto Salvia Novella |
hundredpapercuts: importance |
Undecided |
Critical |
|
2015-01-16 00:16:49 |
Alberto Salvia Novella |
nominated for series |
|
Ubuntu Trusty |
|
2015-01-16 00:18:07 |
Alberto Salvia Novella |
summary |
Ctrl+Alt+F7 bypasses the lock-screen under XFCE |
Ctrl+Alt+F7 bypasses the light-locker lock-screen under XFCE |
|
2015-01-16 00:18:27 |
Alberto Salvia Novella |
summary |
Ctrl+Alt+F7 bypasses the light-locker lock-screen under XFCE |
Ctrl+Alt+F7 bypasses light-locker lock-screen under XFCE |
|
2015-01-16 00:19:19 |
Alberto Salvia Novella |
summary |
Ctrl+Alt+F7 bypasses light-locker lock-screen under XFCE |
Ctrl+Alt+F7 bypasses the light-locker lock-screen under XFCE |
|
2015-01-16 00:32:44 |
Alberto Salvia Novella |
hundredpapercuts: status |
Confirmed |
Incomplete |
|
2015-01-16 00:32:49 |
Alberto Salvia Novella |
light-locker (Ubuntu): status |
Confirmed |
Incomplete |
|
2015-01-16 00:32:52 |
Alberto Salvia Novella |
openldap (Ubuntu): status |
Confirmed |
Incomplete |
|
2015-01-16 00:32:58 |
Alberto Salvia Novella |
policykit-1 (Ubuntu): status |
Confirmed |
Incomplete |
|
2015-01-16 00:38:27 |
Alberto Salvia Novella |
tags |
amd64 apport-bug third-party-packages trusty |
amd64 apport-bug asked-to-upstream third-party-packages trusty |
|
2015-01-16 01:18:42 |
Adolfo Jayme Barrientos |
bug task deleted |
xubuntu-meta (Ubuntu) |
|
|
2015-01-16 11:57:11 |
Martin Meredith |
bug watch added |
|
https://bugs.freedesktop.org/show_bug.cgi?id=88492 |
|
2015-01-16 11:57:11 |
Martin Meredith |
bug task added |
|
light-locker |
|
2015-01-16 11:57:46 |
Martin Meredith |
affects |
light-locker |
policykit-1 |
|
2015-01-16 12:04:26 |
Martin Meredith |
bug task added |
|
openldap |
|
2015-01-16 12:05:04 |
Martin Meredith |
hundredpapercuts: status |
Incomplete |
Confirmed |
|
2015-01-16 12:05:08 |
Martin Meredith |
light-locker (Ubuntu): status |
Incomplete |
Confirmed |
|
2015-01-16 12:05:11 |
Martin Meredith |
openldap (Ubuntu): status |
Incomplete |
Confirmed |
|
2015-01-16 12:05:14 |
Martin Meredith |
policykit-1 (Ubuntu): status |
Incomplete |
Confirmed |
|
2015-01-16 12:57:34 |
Martin Meredith |
bug task deleted |
openldap |
|
|
2015-01-16 13:04:17 |
Bug Watch Updater |
policykit-1: status |
Unknown |
Confirmed |
|
2015-01-16 13:04:17 |
Bug Watch Updater |
policykit-1: importance |
Unknown |
Medium |
|
2015-01-16 17:36:20 |
Martin Meredith |
light-locker (Ubuntu): status |
Confirmed |
Invalid |
|
2015-01-16 17:36:23 |
Martin Meredith |
openldap (Ubuntu): status |
Confirmed |
Invalid |
|
2015-01-16 17:36:26 |
Martin Meredith |
policykit-1 (Ubuntu): status |
Confirmed |
Invalid |
|
2015-01-16 17:36:37 |
Martin Meredith |
bug task added |
|
libpam-ldap (Ubuntu) |
|
2015-01-16 17:36:45 |
Martin Meredith |
libpam-ldap (Ubuntu): status |
New |
Incomplete |
|
2015-01-16 17:36:48 |
Martin Meredith |
libpam-ldap (Ubuntu): status |
Incomplete |
Confirmed |
|
2015-01-16 17:36:50 |
Martin Meredith |
libpam-ldap (Ubuntu): importance |
Undecided |
Critical |
|
2015-01-16 17:39:02 |
Martin Meredith |
hundredpapercuts: status |
Confirmed |
Invalid |
|
2015-01-16 17:39:15 |
Martin Meredith |
bug task deleted |
policykit-1 (Ubuntu) |
|
|
2015-01-16 17:39:18 |
Martin Meredith |
bug task deleted |
openldap (Ubuntu) |
|
|
2015-01-16 17:39:22 |
Martin Meredith |
bug task deleted |
libpam-ldap (Ubuntu) |
|
|
2015-01-16 17:39:32 |
Martin Meredith |
bug task deleted |
light-locker (Ubuntu) |
|
|
2015-01-16 17:39:50 |
Martin Meredith |
bug task added |
|
libpam-ldap (Ubuntu) |
|
2015-01-16 17:40:03 |
Martin Meredith |
libpam-ldap (Ubuntu): status |
New |
Confirmed |
|
2015-01-16 17:40:05 |
Martin Meredith |
libpam-ldap (Ubuntu): importance |
Undecided |
Critical |
|
2015-01-16 17:43:20 |
Martin Meredith |
bug task added |
|
libnss-ldap (Ubuntu) |
|
2015-01-16 17:51:42 |
Alberto Salvia Novella |
libnss-ldap (Ubuntu): importance |
Undecided |
Critical |
|
2015-01-16 17:51:48 |
Alberto Salvia Novella |
libnss-ldap (Ubuntu): status |
New |
Triaged |
|
2015-01-16 17:51:52 |
Alberto Salvia Novella |
libpam-ldap (Ubuntu): status |
Confirmed |
Triaged |
|
2015-01-16 18:05:24 |
Ryan Tandy |
bug |
|
|
added subscriber Ryan Tandy |
2015-01-16 19:17:22 |
Alberto Salvia Novella |
bug task deleted |
hundredpapercuts |
|
|
2015-01-16 21:45:53 |
Nathan Stratton Treadway |
bug |
|
|
added subscriber Nathan Stratton Treadway |
2015-01-18 18:19:31 |
Bug Watch Updater |
policykit-1: status |
Confirmed |
Invalid |
|
2016-06-16 19:13:15 |
keshavbhatt |
libnss-ldap (Ubuntu): status |
Triaged |
Confirmed |
|
2016-06-16 19:13:19 |
keshavbhatt |
libpam-ldap (Ubuntu): status |
Triaged |
Confirmed |
|