Dash is visible on top of the lockscreen after screen monitor auto locks

Bug #1308850 reported by Giovanni Mellini on 2014-04-17
32
This bug affects 5 people
Affects Status Importance Assigned to Milestone
Unity
High
Andrea Azzarone
unity (Ubuntu)
Undecided
Andrea Azzarone
Trusty
Undecided
Unassigned

Bug Description

[Impact]

This is 100% reproducible on my side with an updated 14.04

I have a laptop that after 3 minutes of inactivity shutdown the screen and lock-it.

If I press the SUPER button to activate the dash and then I wait 3 minutes for auto screen locking the screen become black.
After that when I move the mouse to go to lockscreen and unlock my session, I see the dash on top of the lockscreen.
I can digit my password and unlock the laptop pressing enter but I cannot see the username, box, dots etc
I think that the screenshot attached explain very whell what I'm writing.

I think that this is a security problem because as you can see from my screenshot other people can see my personal data (file and folders) without authorization.

[Test Case]

(1) Make sure the screen lock is enabled and has a reasonable timeout set.
(2) Use the Super button to activate the Dash.
(3) Wait for the screen lock timeout so the lockscreen / screensaver comes up.
(4) Move the mouse or press a shift key to display the lockscreen.
(5) The Dash should not appear on top of the lockscreen.

[Regression Potential]

None. The fix is to explicitly undisplay the dash when the screen is locked.

Related branches

lp:~azzar1/unity/fix-1308850
Marco Trevisan (Treviño): Approve on 2014-04-17
PS Jenkins bot: Approve (continuous-integration) on 2014-04-17
Brandon Schaefer: Approve on 2014-04-17
Giovanni Mellini (merlos) wrote :
Giovanni Mellini (merlos) wrote :
Andrea Azzarone (azzar1) on 2014-04-17
Changed in unity:
importance: Undecided → High
status: New → Triaged
milestone: none → 7.2.1
Andrea Azzarone (azzar1) on 2014-04-17
Changed in unity (Ubuntu):
status: New → Confirmed
tags: added: lockscreen
Andrea Azzarone (azzar1) on 2014-04-17
Changed in unity:
status: Triaged → In Progress
Changed in unity (Ubuntu):
status: Confirmed → In Progress
Changed in unity:
assignee: nobody → Andrea Azzarone (andyrock)
Changed in unity (Ubuntu):
assignee: nobody → Andrea Azzarone (andyrock)
Stephen M. Webb (bregma) on 2014-04-23
description: updated
Chris J Arges (arges) on 2014-04-25
description: updated
Changed in unity:
status: In Progress → Fix Committed
Timo Jyrinki (timo-jyrinki) wrote :

It seems the automated message did not reach here.

The updated version is now in proposed: https://launchpad.net/ubuntu/trusty/+source/unity/7.2.0+14.04.20140423-0ubuntu1

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity (Ubuntu Trusty):
status: New → Confirmed
Giovanni Mellini (merlos) wrote :

Just enabled trusty-proposed and installed updated unity

giovanni@jellyfish:~$ apt-cache show unity
Package: unity
Status: install ok installed
Priority: optional
Section: gnome
Installed-Size: 5996
Maintainer: Ubuntu Developers <email address hidden>
Architecture: amd64
Version: 7.2.0+14.04.20140423-0ubuntu1
[...]

I confirm that the fix is working and I cannot reproduce the bug anymore.
Tks
Giovanni

NoBugs! (luke32j) wrote :

Very nice! That 7.2.0-14 seems to have fixed the suspend-resume dash locking up!

tags: added: verification-done
removed: verification-needed
Marc Deslauriers (mdeslaur) wrote :

This was fixed by this security update: http://www.ubuntu.com/usn/usn-2184-1/

Changed in unity (Ubuntu Trusty):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.2.0+14.04.20140423-0ubuntu1.1

---------------
unity (7.2.0+14.04.20140423-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: lock screen bypass (LP: #1313885)
    - debian/patches/lp1313885.patch: improve lockscreen logic in
      lockscreen/LockScreenController.cpp, lockscreen/LockScreenShield.*,
      plugins/unityshell/src/unityshell.*.
 -- Marc Deslauriers <email address hidden> Mon, 28 Apr 2014 22:29:13 -0400

Changed in unity (Ubuntu):
status: In Progress → Fix Released
Stephen M. Webb (bregma) on 2014-06-04
Changed in unity:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers