Ubuntu

Privacy problem: on resume Unity bar visible through GDM

Reported by Martin Eve on 2011-04-07
322
This bug affects 14 people
Affects Status Importance Assigned to Milestone
Unity
Medium
Unassigned
compiz (Ubuntu)
Medium
Sam Spilsbury
unity (Ubuntu)
Medium
Unassigned

Bug Description

Binary package hint: unity

On resume from standby mode and upon reconnection to a wireless network, the Unity global bar becomes visible behind GDM's password dialogue, thereby revealing certain user-specific confidential details. This includes the name of the wireless network, the current focused application name (including window title, which could be a sensitive web page). In addition, the currently focused application was visible for a good second on my last resume, which could certainly include confidential information.

Expected behavior: all user-specifics should remain hidden behind the GDM prompt.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: unity 3.8.2-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.38-7.39-generic 2.6.38
Uname: Linux 2.6.38-7-generic i686
NonfreeKernelModules: fglrx
Architecture: i386
CompizPlugins: [core,bailer,detection,composite,opengl,decor,mousepoll,vpswitch,regex,animation,snap,expo,move,compiztoolbox,place,grid,imgpng,gnomecompat,wall,ezoom,workarounds,staticswitcher,resize,fade,unitymtgrabhandles,scale,session,unityshell]
Date: Thu Apr 7 11:31:20 2011
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Alpha i386 (20100831.2)
ProcEnviron:
 LANGUAGE=en_GB:en
 PATH=(custom, user)
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
SourcePackage: unity
UpgradeStatus: Upgraded to natty on 2011-04-05 (2 days ago)

Martin Eve (martineve) wrote :
visibility: private → public
Alex Launi (alexlauni) on 2011-04-12
Changed in unity:
status: New → Confirmed
Changed in unity (Ubuntu):
status: New → Confirmed
Changed in compiz (Ubuntu):
status: New → Confirmed
Changed in unity (Ubuntu):
importance: Undecided → Medium
Changed in unity:
importance: Undecided → Medium
Changed in compiz (Ubuntu):
importance: Undecided → Medium
assignee: nobody → Sam "SmSpillaz" Spilsbury (smspillaz)
tags: added: privacy
katmen (katmen) wrote :

The bug is present also in oneiric 64bit!

Marcin Juszkiewicz (hrw) wrote :

And in precise.

Lokard (darkdadaah) wrote :

I have this bug in 12.04 when I go back from a locked session.

Why do we still use this dialog box when we could systematically use the gdm greeter whenever we quit/lock/switch users ?

Omer Akram (om26er) wrote :

Note to other triagers: Please don't reduplicate for this bug even if you think the current form is wrong.

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers