Dash is visible on top of the lockscreen after screen monitor auto locks

Bug #1308850 reported by Giovanni Mellini
32
This bug affects 5 people
Affects Status Importance Assigned to Milestone
Unity
Fix Released
High
Andrea Azzarone
unity (Ubuntu)
Fix Released
Undecided
Andrea Azzarone
Trusty
Fix Released
Undecided
Unassigned

Bug Description

[Impact]

This is 100% reproducible on my side with an updated 14.04

I have a laptop that after 3 minutes of inactivity shutdown the screen and lock-it.

If I press the SUPER button to activate the dash and then I wait 3 minutes for auto screen locking the screen become black.
After that when I move the mouse to go to lockscreen and unlock my session, I see the dash on top of the lockscreen.
I can digit my password and unlock the laptop pressing enter but I cannot see the username, box, dots etc
I think that the screenshot attached explain very whell what I'm writing.

I think that this is a security problem because as you can see from my screenshot other people can see my personal data (file and folders) without authorization.

[Test Case]

(1) Make sure the screen lock is enabled and has a reasonable timeout set.
(2) Use the Super button to activate the Dash.
(3) Wait for the screen lock timeout so the lockscreen / screensaver comes up.
(4) Move the mouse or press a shift key to display the lockscreen.
(5) The Dash should not appear on top of the lockscreen.

[Regression Potential]

None. The fix is to explicitly undisplay the dash when the screen is locked.

Related branches

Revision history for this message
Giovanni Mellini (merlos) wrote :
Revision history for this message
Giovanni Mellini (merlos) wrote :
Andrea Azzarone (azzar1)
Changed in unity:
importance: Undecided → High
status: New → Triaged
milestone: none → 7.2.1
Andrea Azzarone (azzar1)
Changed in unity (Ubuntu):
status: New → Confirmed
tags: added: lockscreen
Andrea Azzarone (azzar1)
Changed in unity:
status: Triaged → In Progress
Changed in unity (Ubuntu):
status: Confirmed → In Progress
Changed in unity:
assignee: nobody → Andrea Azzarone (andyrock)
Changed in unity (Ubuntu):
assignee: nobody → Andrea Azzarone (andyrock)
Stephen M. Webb (bregma)
description: updated
Chris J Arges (arges)
description: updated
Changed in unity:
status: In Progress → Fix Committed
Revision history for this message
Timo Jyrinki (timo-jyrinki) wrote :

It seems the automated message did not reach here.

The updated version is now in proposed: https://launchpad.net/ubuntu/trusty/+source/unity/7.2.0+14.04.20140423-0ubuntu1

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity (Ubuntu Trusty):
status: New → Confirmed
Revision history for this message
Giovanni Mellini (merlos) wrote :

Just enabled trusty-proposed and installed updated unity

giovanni@jellyfish:~$ apt-cache show unity
Package: unity
Status: install ok installed
Priority: optional
Section: gnome
Installed-Size: 5996
Maintainer: Ubuntu Developers <email address hidden>
Architecture: amd64
Version: 7.2.0+14.04.20140423-0ubuntu1
[...]

I confirm that the fix is working and I cannot reproduce the bug anymore.
Tks
Giovanni

Revision history for this message
NoBugs! (luke32j) wrote :

Very nice! That 7.2.0-14 seems to have fixed the suspend-resume dash locking up!

tags: added: verification-done
removed: verification-needed
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

This was fixed by this security update: http://www.ubuntu.com/usn/usn-2184-1/

Changed in unity (Ubuntu Trusty):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.2.0+14.04.20140423-0ubuntu1.1

---------------
unity (7.2.0+14.04.20140423-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: lock screen bypass (LP: #1313885)
    - debian/patches/lp1313885.patch: improve lockscreen logic in
      lockscreen/LockScreenController.cpp, lockscreen/LockScreenShield.*,
      plugins/unityshell/src/unityshell.*.
 -- Marc Deslauriers <email address hidden> Mon, 28 Apr 2014 22:29:13 -0400

Changed in unity (Ubuntu):
status: In Progress → Fix Released
Stephen M. Webb (bregma)
Changed in unity:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.