desktop should disable automounting when screen is locked

Bug #714958 reported by Kees Cook on 2011-02-08
22
This bug affects 3 people
Affects Status Importance Assigned to Milestone
GNOME Settings Daemon
Fix Released
Medium
nautilus (Ubuntu)
Medium
Martin Pitt
Natty
Medium
Martin Pitt

Bug Description

Binary package hint: gnome-screensaver

To avoid auto-run attacks on the system from USB auto-mounting, the desktop should revoke the "at-console" policy kit privileges while the screen is locked, or not auto-mount inserted devices, similar to how gnome-keyring flushes all keys the when locking the screen.

http://www.net-security.org/secworld.php?id=10544

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: gnome-screensaver 2.30.2-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.37-12.26-generic 2.6.37
Uname: Linux 2.6.37-12-generic x86_64
Architecture: amd64
Date: Mon Feb 7 18:24:18 2011
GconfGnomeSession:
 idle_delay = 5
  /desktop/gnome/session/required_components:
   windowmanager = metacity
GnomeSessionIdleInhibited: No
GnomeSessionInhibitors: None
ProcEnviron:
 LANGUAGE=en_US:en
 PATH=(custom, user)
 LANG=en_US.UTF-8
 LC_MESSAGES=en_US.utf8
 SHELL=/bin/bash
SourcePackage: gnome-screensaver
WindowManager: metacity
XorgConf:
 Section "ServerFlags"
  Option "DontZap" "False"
 EndSection

Kees Cook (kees) wrote :
Changed in gnome-screensaver (Ubuntu Natty):
importance: Undecided → Medium
status: New → Confirmed
assignee: nobody → Canonical Desktop Team (canonical-desktop-team)
milestone: none → natty-alpha-3
Martin Pitt (pitti) wrote :

Revoking at_console privileges is neither practical nor desired. It would mean that you couldn't access the sound card or your modem any more while the screen is locked; also, this would mean that the desktop would need to get the privilege to give back at_console privileges to itself when unlocking, which really shouldn't happen.

I think for this scenario it would make more sense to disable automounting while the screen is locked. This needs to happen in nautilus, or perhaps the gvfs volume daemon. I'll discuss that with upstream.

Moving milestone, as it isn't a release blocker, and the kind of bug fix that can be done after FF.

summary: - desktop should revoke "at-console" privs when screen is locked
+ desktop should disable automounting when screen is locked
Changed in gnome-screensaver (Ubuntu Natty):
assignee: Canonical Desktop Team (canonical-desktop-team) → Martin Pitt (pitti)
milestone: natty-alpha-3 → ubuntu-11.04
status: Confirmed → Triaged
Martin Pitt (pitti) on 2011-02-10
affects: gnome-screensaver (Ubuntu Natty) → nautilus (Ubuntu Natty)
Martin Pitt (pitti) wrote :

Sent upstream with a proposed implementation schema. I'll wait a bit to get this discussed.

Changed in nautilus:
importance: Unknown → Medium
status: Unknown → New
Kees Cook (kees) wrote :

Alternatively, _delaying_ automount until unlocked might be better, in the case of sitting back down at your system, plugging in a device, and then unlocking your screen.

Martin Pitt (pitti) on 2011-02-20
Changed in nautilus (Ubuntu Natty):
status: Triaged → In Progress
Martin Pitt (pitti) on 2011-02-21
affects: nautilus → gnome-settings-daemon
Martin Pitt (pitti) wrote :

For the record, I sent a first patch to upstream for review. This is against gnome-settings-daemon for now (as in GNOME 3 the automounting was moved there), but it's easy enough to apply to nautilus as well, once accepted upstream.

Martin Pitt (pitti) wrote :

Landed patch upstream now, with the delaying behaviour suggested in comment 4.

Changed in gnome-settings-daemon:
status: New → Fix Released
Martin Pitt (pitti) on 2011-02-22
Changed in nautilus (Ubuntu Natty):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nautilus - 1:2.32.2.1-0ubuntu6

---------------
nautilus (1:2.32.2.1-0ubuntu6) natty; urgency=low

  [ Martin Pitt ]
  * Add 17_disable_locked_automounting.patch: Defer automounting while screen
    is locked, until the screen saver becomes inactive again. (LP: #714958)

  [ Rodrigo Moya ]
  * debian/patches/96_no-null-in-g-str-hash.patch:
    - Added patch to avoid crashing on g_str_hash (LP: #718098)
 -- Martin Pitt <email address hidden> Tue, 22 Feb 2011 14:32:25 +0100

Changed in nautilus (Ubuntu Natty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.