Ubuntu
gnome-screensaver package

Lock screen can be bypassed using a large monitor

Bug #1396205 reported by James Coglan on 2014-11-25

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	gnome-screensaver (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

$ lsb_release -rd
Description: Ubuntu 12.04.5 LTS
Release: 12.04

I've managed to reproduce an error that lets me interact with applications while the lock screen is active. Here are the steps to reproduce, as specifically as I've been able to tell:

1. I have my Dell XPS laptop attached to a Benq desktop monitor via the laptop's mini DVI port. The laptop is closed, the screen is unlocked, and the desktop monitor shows my Ubuntu desktop and apps.

2. Unplug the display cable from the laptop and open the laptop up. Wait a couple of seconds for the monitor to report no input device. The screen should still be unlocked and the laptop screen should show the OS desktop.

3. Plug the display cable back in, and immediately close the laptop.

4. Observe that moving the mouse (Evoluent vertical mouse attached to an Apple keyboard, plugged into the laptop via USB) does not bring up the login dialog. The desktop monitor remains blank.

5. Open the laptop lid slightly, and as soon as the screen blacks out, close it again. The desktop monitor should remain blank.

6. Move the mouse. This time, the lock screen login dialog appears on the desktop monitor, but it does not cover the whole desktop. I am able to interact with a web browser running behind the lock screen, read pages, click links, etc.

It seems like the lock screen is drawn for my laptop's small screen, and then not enlarged for the bigger monitor, leaving apps visible and accepting mouse input.

See the attached image for an example. I can repro this bug every time by following the above instructions.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: unity 5.20.0-0ubuntu3
ProcVersionSignature: Ubuntu 3.13.0-40.69~precise1-generic 3.13.11.10
Uname: Linux 3.13.0-40-generic x86_64
ApportVersion: 2.0.1-0ubuntu17.8
Architecture: amd64
CompizPlugins: [core,composite,opengl,compiztoolbox,decor,vpswitch,move,snap,place,session,gnomecompat,mousepoll,regex,resize,imgpng,grid,unitymtgrabhandles,animation,workarounds,wall,fade,scale,expo,ezoom,unityshell]
Date: Tue Nov 25 14:53:21 2014
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 12.04.3 LTS "Precise Pangolin" - Release amd64 (20130820.1)
MarkForUpload: True
ProcEnviron:
LANGUAGE=en_GB:en
TERM=xterm-256color
PATH=(custom, no user)
LANG=en_GB.UTF-8
SHELL=/bin/bash
SourcePackage: unity
UpgradeStatus: No upgrade log present (probably fresh install)

Tags:

Revision history for this message

James Coglan (jcoglan) wrote on 2014-11-25:

IMAG1631.jpg Edit (929.2 KiB, image/jpeg)
Dependencies.txt Edit (7.3 KiB, text/plain; charset="utf-8")
GconfCompiz.txt Edit (37.0 KiB, text/plain; charset="utf-8")

Marc Deslauriers (mdeslaur) on 2014-11-25

information type:	Private Security → Public Security
affects:	unity (Ubuntu) → gnome-screensaver (Ubuntu)
Changed in gnome-screensaver (Ubuntu):
status:	New → Confirmed

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntugnome-screensaver package