Ubuntu
unity package

lock screen bypass

Bug #1313885 reported by Frederic BARDY
322
This bug affects 14 people
Affects Status Importance Assigned to Milestone
Unity
Fix Released
Critical
Irfan Fauzan
Unity 7.2.1 "14.04 SRU 1"
unity (Ubuntu)
Fix Released
Critical
Marco Trevisan (Treviño)
Trusty
Fix Released
Critical
Marc Deslauriers
Utopic
Fix Released
Critical
Marco Trevisan (Treviño)

Bug Description

I found a bug allowing a user to bypass the new lock screen of Ubuntu 14.04

1 - When the screen is locked just right click multiple times on the indicator bar (for example on the battery indicator), then shortcuts are available.
2 - Press ALT+F2
3 - you can execute the command you whant on behalf of the logged user.

Here is a video demonstrating this bug : http://www.youtube.com/watch?v=d4UUB0sI5Fc

lsb_release -rd
Description: Ubuntu 14.04 LTS
Release: 14.04

Ubuntu version updated the 04/28/2014

apt-cache policy unity
unity:
  Installed: 7.2.0+14.04.20140416-0ubuntu1
  Candidate: 7.2.0+14.04.20140416-0ubuntu1
  Version table:
 *** 7.2.0+14.04.20140416-0ubuntu1 0
        500 http://fr.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
        100 /var/lib/dpkg/status

Tags: lockscreen

Related branches

lp:~brandontschaefer/unity/lp.1313885-fix
Rejected for merging into lp:unity
PS Jenkins bot (community): Approve (continuous-integration)
Andrea Azzarone (community): Approve
Diff: 73 lines (+18/-3)
1 file modified
plugins/unityshell/src/unityshell.cpp (+18/-3)
lp:~3v1n0/unity/lockscreen-keys-disable
PS Jenkins bot (community): Approve (continuous-integration)
Brandon Schaefer (community): Approve
Diff: 311 lines (+93/-26)
8 files modified
lockscreen/LockScreenController.cpp (+12/-3)
lockscreen/LockScreenController.h (+1/-0)
lockscreen/LockScreenShield.cpp (+14/-2)
lockscreen/LockScreenShield.h (+1/-0)
plugins/unityshell/src/unityshell.cpp (+54/-15)
plugins/unityshell/src/unityshell.h (+2/-0)
shutdown/SessionController.cpp (+7/-5)
tests/test_session_controller.cpp (+2/-1)
Frederic BARDY (frederic-bardy)
information type: Private Security → Public Security
Marc Deslauriers (mdeslaur)
Changed in unity (Ubuntu):
status: New → Confirmed
importance: Undecided → Critical
Revision history for this message
Brandon Schaefer (brandontschaefer) wrote :

I can get the dash to pop up (which is an issue), but I cant input anything into the dash. It goes to the input for the lockscreen.

Either way, the command lens shouldn't be popping up.

Changed in unity (Ubuntu):
assignee: nobody → Brandon Schaefer (brandontschaefer)
status: Confirmed → In Progress
Changed in unity:
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Brandon Schaefer (brandontschaefer)
Marco Trevisan (Treviño) (3v1n0)
Changed in unity:
milestone: none → 7.2.1
Marco Trevisan (Treviño) (3v1n0)
Changed in unity:
assignee: Brandon Schaefer (brandontschaefer) → Marco Trevisan (Treviño) (3v1n0)
Changed in unity (Ubuntu):
assignee: Brandon Schaefer (brandontschaefer) → Marco Trevisan (Treviño) (3v1n0)
Marco Trevisan (Treviño) (3v1n0)
tags: added: lockscreen
Marc Deslauriers (mdeslaur)
Changed in unity (Ubuntu):
assignee: Marco Trevisan (Treviño) (3v1n0) → Marc Deslauriers (mdeslaur)
Changed in unity (Ubuntu Trusty):
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Marc Deslauriers (mdeslaur)
Marc Deslauriers (mdeslaur)
Changed in unity (Ubuntu Utopic):
assignee: Marc Deslauriers (mdeslaur) → Marco Trevisan (Treviño) (3v1n0)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.2.0+14.04.20140423-0ubuntu1.1

---------------
unity (7.2.0+14.04.20140423-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: lock screen bypass (LP: #1313885)
    - debian/patches/lp1313885.patch: improve lockscreen logic in
      lockscreen/LockScreenController.cpp, lockscreen/LockScreenShield.*,
      plugins/unityshell/src/unityshell.*.
 -- Marc Deslauriers <email address hidden> Mon, 28 Apr 2014 22:29:13 -0400

Changed in unity (Ubuntu Trusty):
status: In Progress → Fix Released
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

http://www.ubuntu.com/usn/usn-2184-1/

Revision history for this message
azul (azul) wrote :

I can still bypass the logscreen by rightclicking the indicators.

In order to reproduce:

Open a Terminal
Press CTRL+ALT+L to lock the screen
right click the indicators some times
type and you will enter into the terminal not the password field

The easiest way to reproduce this is to play some music with mplayer in the terminal. If you can stop the music, skip a song etc. with your keys press CTRL+c to quit mplayer. Now you can type whatever you want and it will be executed.

This probably affects other Programs. I can even switch the terminal with the default shortcuts. I guess i could also start one with CTRL+ALT+T but i need to confirm that.

I just installed the fix above. Have not rebooted though. So that might fix it.

Revision history for this message
azul (azul) wrote :

Confirmed that CTRL+ALT+T for a new terminal works.

Revision history for this message
azul (azul) wrote :

reboot did not fix it.

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

@azul: please file a new bug, that is likely a different issue.

Revision history for this message
Mateusz Stachowski (stachowski-mateusz) wrote :

@azul and @Marc I reported a new bug for the problem discovered by azul.

https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1314294

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.2.0+14.04.20140423-0ubuntu1.1

---------------
unity (7.2.0+14.04.20140423-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: lock screen bypass (LP: #1313885)
    - debian/patches/lp1313885.patch: improve lockscreen logic in
      lockscreen/LockScreenController.cpp, lockscreen/LockScreenShield.*,
      plugins/unityshell/src/unityshell.*.
 -- Marc Deslauriers <email address hidden> Mon, 28 Apr 2014 22:29:13 -0400

Changed in unity (Ubuntu Utopic):
status: In Progress → Fix Released
Marco Trevisan (Treviño) (3v1n0)
Changed in unity:
status: In Progress → Fix Committed
Irfan Fauzan (irfan-it2988)
Changed in unity:
assignee: Marco Trevisan (Treviño) (3v1n0) → Irfan Fauzan (irfan-it2988)
Stephen M. Webb (bregma)
Changed in unity:
status: Fix Committed → Fix Released
Revision history for this message
Ariel Gerardo Crespín (thematrixnmt) wrote :

Hello.
When i tried to unlock the lockscreen,i enter with any password and with no password.
The same is when i log in my session.
My account has a very strong password made during installation.
Thanks for your help.

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers