notify user that the lock screen has been disabled

Bug #1174093 reported by Rebecca Palmer on 2013-04-28
264
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ubuntu-release-upgrader (Ubuntu)
Wishlist
Brian Murray
Bionic
High
Brian Murray

Bug Description

[Impact]
Users are not notified that their lock screen is disabled during an upgrade and may left there system in an insecure location during the upgrade process.

[Test Case]
1) Configure a screen lock with a short (2 minute?) timeout
2) Upgrade from Ubuntu 16.04 to Ubuntu 18.04
3) Observe that the screen is not locked during the upgrade process and you that you were not warned about it

With the version of ubuntu-release-upgrader from -proposed you will receive a dialog telling you the lock screen has been disabled immediately before the upgrade begins.

[Regression Potential]
A new dialog is being added so there is little chance of regression.

I set an upgrade running from 12.10 to 13.04 (my second attempt, the first had failed due to loss of network), and as I expected this to take some time, locked the screen and left. I returned to an _unlocked_ screen, which is obviously a security risk.

It was showing a debconf dialog (asking if I wanted to restart cron, atd, cups and rsync after upgrading libc6, probably not the most helpful thing to ask a user who may well have no idea what these are), but the logs suggest update-manager deliberately kills gnome-screensaver before starting the install phase (possibly a fix for bug 319332 or similar problems?).

If it is not practical to have screen lock actually working during an upgrade, I suggest either disabling it right at the start and giving an appropriate message if the user tries it, or pausing and waiting for user input if the screen is locked at the point where the lock needs to be disabled.

Related branches

Rebecca Palmer (rebecca-palmer) wrote :
Rebecca Palmer (rebecca-palmer) wrote :
Rebecca Palmer (rebecca-palmer) wrote :
information type: Private Security → Public Security
Changed in update-manager (Ubuntu):
status: New → Confirmed
importance: Undecided → Wishlist
affects: update-manager (Ubuntu) → ubuntu-release-upgrader (Ubuntu)
summary: - screen unlocks itself during upgrade to 13.04
+ disable screensaver locking at start of upgrade
Changed in ubuntu-release-upgrader (Ubuntu):
status: Confirmed → Triaged

This also happens on 13.04 -> 13.10 (on the first attempt and without the debconf message).

summary: - disable screensaver locking at start of upgrade
+ notify user that the lock screen has been disabled
Changed in ubuntu-release-upgrader (Ubuntu):
status: Triaged → In Progress
assignee: nobody → Brian Murray (brian-murray)
tags: added: id-5b32dfc70f54891287c5942a
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-release-upgrader - 1:18.10.4

---------------
ubuntu-release-upgrader (1:18.10.4) cosmic; urgency=medium

  * DistUpgradeQuirks.py, DistUpgradeController.py: move inhibiting of
    gnome-session idle so that it is called immediately after the upgrade
    starts (LP: #1778817), present a dialog notifying that the lock screen has
    been disabled (LP: #1174093), and do not reenable the lock screen as it
    may fail to work after a release upgrade. (LP: #1780342)
  * DistUpgradeQuirks.py: Add in a quirk for upgrading to Cosmic that will
    check if the system has connectivity to the snap store and replace some
    desktop packages with snaps to ensure the system is similar to a fresh
    install.

 -- Brian Murray <email address hidden> Fri, 06 Jul 2018 11:21:11 -0700

Changed in ubuntu-release-upgrader (Ubuntu):
status: In Progress → Fix Released
Changed in ubuntu-release-upgrader (Ubuntu Bionic):
status: New → In Progress
importance: Undecided → Wishlist
assignee: nobody → Brian Murray (brian-murray)
importance: Wishlist → High
description: updated

Hello Rebecca, or anyone else affected,

Accepted ubuntu-release-upgrader into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-release-upgrader/1:18.04.20 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in ubuntu-release-upgrader (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic
Łukasz Zemczak (sil2100) wrote :

Hello Rebecca, or anyone else affected,

Accepted ubuntu-release-upgrader into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-release-upgrader/1:18.04.21 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Brian Murray (brian-murray) wrote :

Here's a screenshot of the lock screen dialog.

tags: added: verification-done verification-done-bionic
removed: verification-needed verification-needed-bionic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-release-upgrader - 1:18.04.21

---------------
ubuntu-release-upgrader (1:18.04.21) bionic; urgency=medium

  * DistUpgradeQuirks.py: when a snap fails to install try the next one
    instead of trying to check the return code of the called process which
    causes a Traceback. (LP: #1781412)
  * data/mirrors.cfg: Update the list of official mirrors.

ubuntu-release-upgrader (1:18.04.20) bionic; urgency=medium

  * Purge obsolete packages, if user agrees to remove obsolete
    packages. LP: #1775660
  * DistUpgradeQuirks.py, DistUpgradeController.py: move inhibiting of
    gnome-session idle so that it is called immediately after the upgrade
    starts (LP: #1778817), present a dialog notifying that the lock screen has
    been disabled (LP: #1174093), and do not reenable the lock screen as it
    may fail to work after a release upgrade. (LP: #1780342)
  * DistUpgradeQuirks.py: Add in a quirk for upgrading to Bionic that will
    check if the system has connectivity to the snap store and replace some
    desktop packages with snaps to ensure the system is similar to a fresh
    install. (LP: #1780841)
  * data/mirrors.cfg: Update the list of official mirrors.

 -- Brian Murray <email address hidden> Sun, 15 Jul 2018 10:16:16 -0700

Changed in ubuntu-release-upgrader (Ubuntu Bionic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for ubuntu-release-upgrader has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers