Lockscreen can be bypassed after screen has blanked
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Unity |
Fix Released
|
High
|
Sami Jaktholm | ||
unity (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Steps to reproduce:
1. Lock the screen
2. Let the lockscreen blank
3. Press ALT+TAB
What happens:
The application switcher appears and it's possible to switch between applications. The chosen application will get keyboard focus and any input will go there.
What should happen:
Nothing. Lockscreen should grab the keyboard and stop the input from going anywhere.
This has security implications. For example it's possible to open the "Run command" view and run "unity --replace" to destroy the lockscreen and open the session.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: unity 7.2.0+14.
ProcVersionSign
Uname: Linux 3.13.0-23-generic x86_64
ApportVersion: 2.14.1-0ubuntu2
Architecture: amd64
CompizPlugins: No value set for `/apps/
CurrentDesktop: Unity
Date: Fri Apr 11 10:06:50 2014
InstallationDate: Installed on 2014-02-23 (46 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140223)
SourcePackage: unity
UpgradeStatus: No upgrade log present (probably fresh install)
Related branches
- Andrea Azzarone (community): Approve
-
Diff: 61 lines (+25/-1)2 files modifiedlockscreen/LockScreenController.cpp (+2/-1)
tests/test_lockscreen_controller.cpp (+23/-0)
Changed in unity (Ubuntu): | |
status: | Confirmed → In Progress |
Changed in unity: | |
importance: | Undecided → High |
milestone: | none → 7.2.1 |
Changed in unity: | |
status: | In Progress → Fix Committed |
Changed in unity: | |
status: | Fix Committed → Fix Released |
Status changed to 'Confirmed' because the bug affects multiple users.