Lock screen can be bypassed using a large monitor

Bug #1396205 reported by James Coglan on 2014-11-25
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gnome-screensaver (Ubuntu)
Undecided
Unassigned

Bug Description

$ lsb_release -rd
Description: Ubuntu 12.04.5 LTS
Release: 12.04

I've managed to reproduce an error that lets me interact with applications while the lock screen is active. Here are the steps to reproduce, as specifically as I've been able to tell:

1. I have my Dell XPS laptop attached to a Benq desktop monitor via the laptop's mini DVI port. The laptop is closed, the screen is unlocked, and the desktop monitor shows my Ubuntu desktop and apps.

2. Unplug the display cable from the laptop and open the laptop up. Wait a couple of seconds for the monitor to report no input device. The screen should still be unlocked and the laptop screen should show the OS desktop.

3. Plug the display cable back in, and immediately close the laptop.

4. Observe that moving the mouse (Evoluent vertical mouse attached to an Apple keyboard, plugged into the laptop via USB) does not bring up the login dialog. The desktop monitor remains blank.

5. Open the laptop lid slightly, and as soon as the screen blacks out, close it again. The desktop monitor should remain blank.

6. Move the mouse. This time, the lock screen login dialog appears on the desktop monitor, but it does not cover the whole desktop. I am able to interact with a web browser running behind the lock screen, read pages, click links, etc.

It seems like the lock screen is drawn for my laptop's small screen, and then not enlarged for the bigger monitor, leaving apps visible and accepting mouse input.

See the attached image for an example. I can repro this bug every time by following the above instructions.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: unity 5.20.0-0ubuntu3
ProcVersionSignature: Ubuntu 3.13.0-40.69~precise1-generic 3.13.11.10
Uname: Linux 3.13.0-40-generic x86_64
ApportVersion: 2.0.1-0ubuntu17.8
Architecture: amd64
CompizPlugins: [core,composite,opengl,compiztoolbox,decor,vpswitch,move,snap,place,session,gnomecompat,mousepoll,regex,resize,imgpng,grid,unitymtgrabhandles,animation,workarounds,wall,fade,scale,expo,ezoom,unityshell]
Date: Tue Nov 25 14:53:21 2014
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 12.04.3 LTS "Precise Pangolin" - Release amd64 (20130820.1)
MarkForUpload: True
ProcEnviron:
 LANGUAGE=en_GB:en
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
SourcePackage: unity
UpgradeStatus: No upgrade log present (probably fresh install)

James Coglan (jcoglan) wrote :
information type: Private Security → Public Security
affects: unity (Ubuntu) → gnome-screensaver (Ubuntu)
Changed in gnome-screensaver (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers