notify user that the lock screen has been disabled
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-release-upgrader (Ubuntu) |
Fix Released
|
Wishlist
|
Brian Murray | ||
Bionic |
Fix Released
|
High
|
Brian Murray |
Bug Description
[Impact]
Users are not notified that their lock screen is disabled during an upgrade and may left there system in an insecure location during the upgrade process.
[Test Case]
1) Configure a screen lock with a short (2 minute?) timeout
2) Upgrade from Ubuntu 16.04 to Ubuntu 18.04
3) Observe that the screen is not locked during the upgrade process and you that you were not warned about it
With the version of ubuntu-
[Regression Potential]
A new dialog is being added so there is little chance of regression.
I set an upgrade running from 12.10 to 13.04 (my second attempt, the first had failed due to loss of network), and as I expected this to take some time, locked the screen and left. I returned to an _unlocked_ screen, which is obviously a security risk.
It was showing a debconf dialog (asking if I wanted to restart cron, atd, cups and rsync after upgrading libc6, probably not the most helpful thing to ask a user who may well have no idea what these are), but the logs suggest update-manager deliberately kills gnome-screensaver before starting the install phase (possibly a fix for bug 319332 or similar problems?).
If it is not practical to have screen lock actually working during an upgrade, I suggest either disabling it right at the start and giving an appropriate message if the user tries it, or pausing and waiting for user input if the screen is locked at the point where the lock needs to be disabled.
Related branches
- Steve Langasek: Approve
- Sebastien Bacher: Approve
-
Diff: 186 lines (+66/-56)3 files modifiedDistUpgrade/DistUpgradeController.py (+55/-0)
DistUpgrade/DistUpgradeQuirks.py (+1/-56)
debian/changelog (+10/-0)
information type: | Private Security → Public Security |
Changed in update-manager (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Wishlist |
affects: | update-manager (Ubuntu) → ubuntu-release-upgrader (Ubuntu) |
summary: |
- screen unlocks itself during upgrade to 13.04 + disable screensaver locking at start of upgrade |
Changed in ubuntu-release-upgrader (Ubuntu): | |
status: | Confirmed → Triaged |
summary: |
- disable screensaver locking at start of upgrade + notify user that the lock screen has been disabled |
Changed in ubuntu-release-upgrader (Ubuntu): | |
status: | Triaged → In Progress |
assignee: | nobody → Brian Murray (brian-murray) |
tags: | added: id-5b32dfc70f54891287c5942a |
Changed in ubuntu-release-upgrader (Ubuntu Bionic): | |
status: | New → In Progress |
importance: | Undecided → Wishlist |
assignee: | nobody → Brian Murray (brian-murray) |
importance: | Wishlist → High |
description: | updated |
This also happens on 13.04 -> 13.10 (on the first attempt and without the debconf message).