lock screen bypass

Bug #1313885 reported by Frederic BARDY on 2014-04-28
This bug affects 14 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Unity | | Critical | Irfan Fauzan | |
| unity (Ubuntu) | | Critical | Marco Trevisan (Treviño) | |
| Trusty | | Critical | Marc Deslauriers | |
| Utopic | | Critical | Marco Trevisan (Treviño) | |

Bug Description

I found a bug allowing a user to bypass the new lock screen of Ubuntu 14.04.

1 - When the screen is locked, just right-click multiple times on the indicator bar (for example on the battery indicator); then shortcuts are available.
2 - Press ALT+F2
3 - You can execute the command you want on behalf of the logged-in user.

Here is a video demonstrating this bug: http://www.youtube.com/watch?v=d4UUB0sI5Fc

lsb_release -rd
Description: Ubuntu 14.04 LTS
Release: 14.04

Ubuntu version updated on 04/28/2014

apt-cache policy unity
unity:
  Installed: 7.2.0+14.04.20140416-0ubuntu1
  Candidate: 7.2.0+14.04.20140416-0ubuntu1
  Version table:
 *** 7.2.0+14.04.20140416-0ubuntu1 0
        500 http://fr.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
        100 /var/lib/dpkg/status

Related branches

lp:~brandontschaefer/unity/lp.1313885-fix
Rejected for merging into lp:unity
PS Jenkins bot: Approve (continuous-integration) on 2014-04-28
Andrea Azzarone: Approve on 2014-04-28
lp:~3v1n0/unity/lockscreen-keys-disable
Merged into lp:unity at revision 3792
PS Jenkins bot: Approve (continuous-integration) on 2014-04-29
Brandon Schaefer: Approve on 2014-04-29
information type: Private Security → Public Security
Changed in unity (Ubuntu):
status: New → Confirmed
importance: Undecided → Critical

I can get the dash to pop up (which is an issue), but I can't input anything into the dash. It goes to the input for the lockscreen.

Either way, the command lens shouldn't be popping up.

Changed in unity (Ubuntu):
assignee: nobody → Brandon Schaefer (brandontschaefer)
status: Confirmed → In Progress
Changed in unity:
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Brandon Schaefer (brandontschaefer)
Changed in unity:
milestone: none → 7.2.1
Changed in unity:
assignee: Brandon Schaefer (brandontschaefer) → Marco Trevisan (Treviño) (3v1n0)
Changed in unity (Ubuntu):
assignee: Brandon Schaefer (brandontschaefer) → Marco Trevisan (Treviño) (3v1n0)
tags: added: lockscreen
Changed in unity (Ubuntu):
assignee: Marco Trevisan (Treviño) (3v1n0) → Marc Deslauriers (mdeslaur)
Changed in unity (Ubuntu Trusty):
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in unity (Ubuntu Utopic):
assignee: Marc Deslauriers (mdeslaur) → Marco Trevisan (Treviño) (3v1n0)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.2.0+14.04.20140423-0ubuntu1.1

---------------
unity (7.2.0+14.04.20140423-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: lock screen bypass (LP: #1313885)
    - debian/patches/lp1313885.patch: improve lockscreen logic in
      lockscreen/LockScreenController.cpp, lockscreen/LockScreenShield.*,
      plugins/unityshell/src/unityshell.*.
 -- Marc Deslauriers <email address hidden> Mon, 28 Apr 2014 22:29:13 -0400

Changed in unity (Ubuntu Trusty):
status: In Progress → Fix Released
azul (azul) wrote :

I can still bypass the lock screen by right-clicking the indicators.

In order to reproduce:

Open a Terminal
Press CTRL+ALT+L to lock the screen
Right-click the indicators several times
Type and you will enter into the terminal, not the password field

The easiest way to reproduce this is to play some music with mplayer in the terminal. If you can stop the music, skip a song, etc. with your keys, press CTRL+c to quit mplayer. Now you can type whatever you want and it will be executed.

This probably affects other programs. I can even switch the terminal with the default shortcuts. I guess I could also start one with CTRL+ALT+T, but I need to confirm that.

I just installed the fix above. Have not rebooted though. So that might fix it.

azul (azul) wrote :

Confirmed that CTRL+ALT+T for a new terminal works.

azul (azul) wrote :

Reboot did not fix it.

Marc Deslauriers (mdeslaur) wrote :

@azul: please file a new bug, that is likely a different issue.

@azul and @Marc I reported a new bug for the problem discovered by azul.

https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1314294

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.2.0+14.04.20140423-0ubuntu1.1

---------------
unity (7.2.0+14.04.20140423-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: lock screen bypass (LP: #1313885)
    - debian/patches/lp1313885.patch: improve lockscreen logic in
      lockscreen/LockScreenController.cpp, lockscreen/LockScreenShield.*,
      plugins/unityshell/src/unityshell.*.
 -- Marc Deslauriers <email address hidden> Mon, 28 Apr 2014 22:29:13 -0400

Changed in unity (Ubuntu Utopic):
status: In Progress → Fix Released
Changed in unity:
status: In Progress → Fix Committed
Changed in unity:
assignee: Marco Trevisan (Treviño) (3v1n0) → Irfan Fauzan (irfan-it2988)
Stephen M. Webb (bregma) on 2014-06-04
Changed in unity:
status: Fix Committed → Fix Released
This report contains Public Security information
Everyone can see this security related information.
