2024-05-22 13:15:44 |
Sebastian D |
description |
Dear Security Team of Ubuntu,
I am running Ubuntu 22.04.4 LTS with 6.5.0-35-generic with the sway desktop manager in multi user mode.
I installed sway and its dependencies via apt, which installs versions that are around 2 years old.
sway version 1.7-1
swaylock version 1.5-2ubuntu1
swaybg version 1.0-2build1
swayidle version 1.7-1 (part of sway)
i3status 2.13-3 © 2008
I have an automatic lock function that also turns off the screens after a certain timeout in my sway configuration.
    # Idle Lockscreen
    exec swayidle -w \
        timeout 300 'swaylock -f -c 000000' \
        timeout 360 'swaymsg "output * power off"' \
        resume 'swaymsg "output * power on"' \
        before-sleep 'swaylock -f -c 000000'
Now the problem. As soon as I resume, the screen is turned on but automatically unlocked. This corresponds with a bug report I have found on Red Hat, https://bugzilla.redhat.com/show_bug.cgi?id=2066597, which also describes this problem with swaylock under Fedora on swaylock v 1.5, which is fixed under swaylock 1.6. Please consider updating the packages of sway, swaylock for security concerns in Ubuntu 22.04 LTS.
This is btw also the case when I change the resume string to:
resume 'swaymsg "output * power on"; swaylock -f -c 000000' \
I currently have a workaround which shows my screens unlocked for a full 2 seconds. But this is not the solution to the problem.
resume 'swaymsg "output * dpms on"; sleep 2 ; swaylock -f -c 000000' \
A friend of mine also has Ubuntu 22.04.4 LTS installed but installed sway and sway dependencies via https://guix.gnu.org/ and does not have this security incident running swaylock version 1.7.2.
For further questions and information please don't hesitate to contact me.
Greetings,
Sebastian Dichler |