Ubuntu
unity package

Lockscreen can be bypassed after screen has blanked

Bug #1306417 reported by Sami Jaktholm
260
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Unity
Fix Released
High
Sami Jaktholm
Unity 7.2.1 "14.04 SRU 1"
unity (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Steps to reproduce:
1. Lock the screen
2. Let the lockscreen blank
3. Press ALT+TAB

What happens:
The application switcher appears and it's possible to switch between applications. The chosen application will get keyboard focus and any input will go there.

What should happen:
Nothing. Lockscreen should grab the keyboard and stop the input from going anywhere.

This has security implications. For example it's possible to open the "Run command" view and run "unity --replace" to destroy the lockscreen and open the session.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: unity 7.2.0+14.04.20140410.1-0ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-23.45-generic 3.13.8
Uname: Linux 3.13.0-23-generic x86_64
ApportVersion: 2.14.1-0ubuntu2
Architecture: amd64
CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
CurrentDesktop: Unity
Date: Fri Apr 11 10:06:50 2014
InstallationDate: Installed on 2014-02-23 (46 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140223)
SourcePackage: unity
UpgradeStatus: No upgrade log present (probably fresh install)

Related branches

lp:~sjakthol/unity/fix-grab-after-blank
Andrea Azzarone (community): Approve
Diff: 61 lines (+25/-1)
2 files modified
lockscreen/LockScreenController.cpp (+2/-1)
tests/test_lockscreen_controller.cpp (+23/-0)
Revision history for this message
Sami Jaktholm (sjakthol) wrote :
information type: Private Security → Public Security
Changed in unity:
status: New → In Progress
assignee: nobody → Sami Jaktholm (sjakthol)
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity (Ubuntu):
status: New → Confirmed
Revision history for this message
Shiba (shiba89) wrote :

On my system lockscreen lose keyboard focus even if not pressing Alt + Tab. The only way to unlock is to trigger "switch user" from the indicator.

Andrea Azzarone (azzar1)
Changed in unity (Ubuntu):
status: Confirmed → In Progress
Changed in unity:
importance: Undecided → High
milestone: none → 7.2.1
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.2.0+14.04.20140411-0ubuntu1

---------------
unity (7.2.0+14.04.20140411-0ubuntu1) trusty; urgency=low

  [ Sami Jaktholm ]
  * Lockscreen: Give proper grabs to the shield before releasing
    blank_window_. (LP: #1306417)
 -- Ubuntu daily release <email address hidden> Fri, 11 Apr 2014 09:00:46 +0000

Changed in unity (Ubuntu):
status: In Progress → Fix Released
Stephen M. Webb (bregma)
Changed in unity:
status: In Progress → Fix Committed
Stephen M. Webb (bregma)
Changed in unity:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.