Dash is visible on top of the lockscreen after screen monitor auto locks
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Unity | Fix Released | High | Andrea Azzarone | |
| unity (Ubuntu) | | Undecided | Andrea Azzarone | |
| Trusty | | Undecided | Unassigned | |
Bug Description
[Impact]
This is 100% reproducible on my side with an updated 14.04.
I have a laptop that, after 3 minutes of inactivity, shuts down the screen and locks it.
If I press the SUPER button to activate the dash and then wait 3 minutes for auto screen locking, the screen becomes black.
After that, when I move the mouse to go to the lockscreen and unlock my session, I see the dash on top of the lockscreen.
I can type my password and unlock the laptop by pressing Enter, but I cannot see the username, box, dots, etc.
I think that the attached screenshot explains very well what I'm writing.
I think that this is a security problem because, as you can see from my screenshot, other people can see my personal data (files and folders) without authorization.
[Test Case]
(1) Make sure the screen lock is enabled and has a reasonable timeout set.
(2) Use the Super button to activate the Dash.
(3) Wait for the screen lock timeout so the lockscreen / screensaver comes up.
(4) Move the mouse or press a shift key to display the lockscreen.
(5) The Dash should not appear on top of the lockscreen.
[Regression Potential]
None. The fix is to explicitly undisplay the dash when the screen is locked.
Related branches
- Marco Trevisan (Treviño): Approve on 2014-04-17
- PS Jenkins bot: Approve (continuous-integration) on 2014-04-17
- Brandon Schaefer (community): Approve on 2014-04-17
- Diff: 11 lines (+1/-0), 1 file modified: plugins/unityshell/src/unityshell.cpp (+1/-0)
Giovanni Mellini (merlos) wrote: #1
Giovanni Mellini (merlos) wrote: #2
Changed in unity:
importance: Undecided → High
status: New → Triaged
milestone: none → 7.2.1
Changed in unity (Ubuntu):
status: New → Confirmed
tags: added: lockscreen
Changed in unity:
status: Triaged → In Progress
Changed in unity (Ubuntu):
status: Confirmed → In Progress
Changed in unity:
assignee: nobody → Andrea Azzarone (andyrock)
Changed in unity (Ubuntu):
assignee: nobody → Andrea Azzarone (andyrock)
description: updated
description: updated
Changed in unity:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote: #4
Status changed to 'Confirmed' because the bug affects multiple users.
Changed in unity (Ubuntu Trusty):
status: New → Confirmed
Giovanni Mellini (merlos) wrote: #5
Just enabled trusty-proposed and installed updated unity
giovanni@
Package: unity
Status: install ok installed
Priority: optional
Section: gnome
Installed-Size: 5996
Maintainer: Ubuntu Developers <email address hidden>
Architecture: amd64
Version: 7.2.0+14.
[...]
I confirm that the fix is working and I cannot reproduce the bug anymore.
Tks
Giovanni
NoBugs! (luke32j) wrote: #6
Very nice! That 7.2.0-14 seems to have fixed the suspend-resume dash locking up!
tags: added: verification-done, removed: verification-needed
Marc Deslauriers (mdeslaur) wrote: #7
This was fixed by this security update: http://
Changed in unity (Ubuntu Trusty):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote: #8
This bug was fixed in the package unity - 7.2.0+14.
---------------
unity (7.2.0+
* SECURITY UPDATE: lock screen bypass (LP: #1313885)
- debian/
lockscree
plugins/
-- Marc Deslauriers <email address hidden> Mon, 28 Apr 2014 22:29:13 -0400
Changed in unity (Ubuntu):
status: In Progress → Fix Released
Changed in unity:
status: Fix Committed → Fix Released
It seems the automated message did not reach here.
The updated version is now in proposed: https://launchpad.net/ubuntu/trusty/+source/unity/7.2.0+14.04.20140423-0ubuntu1
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.
Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!