Ubuntu 14.04: security problem in the lock screen
Bug #1308572 reported by
Marco Agnese
This bug affects 7 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Unity |
Fix Released
|
Critical
|
Andrea Azzarone | ||
unity (Ubuntu) |
Fix Released
|
Critical
|
Andrea Azzarone |
Bug Description
affects ubuntu
Hello,
I am running Ubuntu 14.04 with all the packages updated.
When the screen is locked with password, if I hold ENTER after some
seconds the screen freezes and the lock screen crashes. After that I
have the computer fully unlocked.
--
Marco Agnese
This bug is about the lockscreen being bypassed when unity crashes/restarts, which is a critcal security issue. The crash will be handled from bug 1308750
Related branches
lp:~azzar1/unity/fix-1308572
- Robert Ancell: Approve
- PS Jenkins bot (community): Needs Fixing (continuous-integration)
- Brandon Schaefer (community): Approve
-
Diff: 23 lines (+5/-1)1 file modifiedlockscreen/UserPromptView.cpp (+5/-1)
description: | updated |
information type: | Public → Private Security |
information type: | Private Security → Public Security |
affects: | ubuntu → gnome-screensaver (Ubuntu) |
affects: | gnome-screensaver (Ubuntu) → unity (Ubuntu) |
Changed in unity: | |
status: | New → Triaged |
Changed in unity (Ubuntu): | |
status: | New → Triaged |
Changed in unity: | |
importance: | Undecided → Critical |
Changed in unity (Ubuntu): | |
importance: | Undecided → Critical |
Changed in unity: | |
assignee: | nobody → Brandon Schaefer (brandontschaefer) |
Changed in unity (Ubuntu): | |
status: | Triaged → In Progress |
Changed in unity: | |
status: | Triaged → In Progress |
Changed in unity (Ubuntu): | |
assignee: | nobody → Brandon Schaefer (brandontschaefer) |
description: | updated |
Changed in unity: | |
assignee: | Brandon Schaefer (brandontschaefer) → nobody |
assignee: | nobody → Marco Trevisan (Treviño) (3v1n0) |
Changed in unity (Ubuntu): | |
assignee: | Brandon Schaefer (brandontschaefer) → Marco Trevisan (Treviño) (3v1n0) |
Changed in unity: | |
assignee: | Marco Trevisan (Treviño) (3v1n0) → Andrea Azzarone (andyrock) |
Changed in unity (Ubuntu): | |
assignee: | Marco Trevisan (Treviño) (3v1n0) → Andrea Azzarone (andyrock) |
Changed in unity: | |
milestone: | none → 7.2.1 |
Changed in unity: | |
status: | In Progress → Fix Committed |
tags: | added: lockscreen |
Changed in unity: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
I've recreated this and after holding the enter key for quite some time my screen was unlocked. I noticed the following in /var/log/syslog:
Apr 16 12:41:14 blacklightning gnome-session[ 2708]: WARNING: Application 'compiz.desktop' killed by signal 6 2708]: WARNING: App 'compiz.desktop' respawning too quickly 2708]: CRITICAL: We failed, but the fail whale is dead. Sorry....
Apr 16 12:41:14 blacklightning gnome-session[
Apr 16 12:41:14 blacklightning gnome-session[