Bug #1313885 “lock screen bypass” : Bugs : unity package : Ubuntu

Bug Description

I found a bug allowing a user to bypass the new lock screen of Ubuntu 14.04

1 - When the screen is locked just right click multiple times on the indicator bar (for example on the battery indicator), then shortcuts are available.
2 - Press ALT+F2
3 - you can execute the command you whant on behalf of the logged user.

Here is a video demonstrating this bug : http://www.youtube.com/watch?v=d4UUB0sI5Fc

lsb_release -rd
Description: Ubuntu 14.04 LTS
Release: 14.04

Ubuntu version updated the 04/28/2014

apt-cache policy unity
unity:
  Installed: 7.2.0+14.04.20140416-0ubuntu1
  Candidate: 7.2.0+14.04.20140416-0ubuntu1
  Version table:
*** 7.2.0+14.04.20140416-0ubuntu1 0
        500 http://fr.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
        100 /var/lib/dpkg/status

Tags: Edit Tag help

Related branches

lp:~brandontschaefer/unity/lp.1313885-fix

Rejected for merging into lp:unity

PS Jenkins bot: Approve (continuous-integration) on 2014-04-28

Andrea Azzarone: Approve on 2014-04-28

lp:~3v1n0/unity/lockscreen-keys-disable

Merged into lp:unity at revision 3792

PS Jenkins bot: Approve (continuous-integration) on 2014-04-29

Brandon Schaefer: Approve on 2014-04-29

Frederic BARDY (frederic-bardy) on 2014-04-28

information type:

Private Security → Public Security

Marc Deslauriers (mdeslaur) on 2014-04-28

Changed in unity (Ubuntu):
status:	New → Confirmed
importance:	Undecided → Critical

Brandon Schaefer (brandontschaefer) wrote on 2014-04-28:

I can get the dash to pop up (which is an issue), but I cant input anything into the dash. It goes to the input for the lockscreen.

Either way, the command lens shouldn't be popping up.

Changed in unity (Ubuntu):
assignee:	nobody → Brandon Schaefer (brandontschaefer)
status:	Confirmed → In Progress
Changed in unity:
status:	New → In Progress
importance:	Undecided → Critical
assignee:	nobody → Brandon Schaefer (brandontschaefer)

Marco Trevisan (Treviño) (3v1n0) on 2014-04-29

Changed in unity:
milestone:	none → 7.2.1

Marco Trevisan (Treviño) (3v1n0) on 2014-04-29

Changed in unity:
assignee:	Brandon Schaefer (brandontschaefer) → Marco Trevisan (Treviño) (3v1n0)
Changed in unity (Ubuntu):
assignee:	Brandon Schaefer (brandontschaefer) → Marco Trevisan (Treviño) (3v1n0)

Marco Trevisan (Treviño) (3v1n0) on 2014-04-29

tags:

added: lockscreen

Marc Deslauriers (mdeslaur) on 2014-04-29

Changed in unity (Ubuntu):
assignee:	Marco Trevisan (Treviño) (3v1n0) → Marc Deslauriers (mdeslaur)
Changed in unity (Ubuntu Trusty):
status:	New → In Progress
importance:	Undecided → Critical
assignee:	nobody → Marc Deslauriers (mdeslaur)

Marc Deslauriers (mdeslaur) on 2014-04-29

Changed in unity (Ubuntu Utopic):
assignee:	Marc Deslauriers (mdeslaur) → Marco Trevisan (Treviño) (3v1n0)

Launchpad Janitor (janitor) wrote on 2014-04-29:

This bug was fixed in the package unity - 7.2.0+14.04.20140423-0ubuntu1.1

---------------
unity (7.2.0+14.04.20140423-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: lock screen bypass (LP: #1313885)
    - debian/patches/lp1313885.patch: improve lockscreen logic in
      lockscreen/LockScreenController.cpp, lockscreen/LockScreenShield.*,
      plugins/unityshell/src/unityshell.*.
-- Marc Deslauriers <email address hidden> Mon, 28 Apr 2014 22:29:13 -0400

Changed in unity (Ubuntu Trusty):
status:	In Progress → Fix Released

Marc Deslauriers (mdeslaur) wrote on 2014-04-29:

http://www.ubuntu.com/usn/usn-2184-1/

azul (azul) wrote on 2014-04-29:

I can still bypass the logscreen by rightclicking the indicators.

In order to reproduce:

Open a Terminal
Press CTRL+ALT+L to lock the screen
right click the indicators some times
type and you will enter into the terminal not the password field

The easiest way to reproduce this is to play some music with mplayer in the terminal. If you can stop the music, skip a song etc. with your keys press CTRL+c to quit mplayer. Now you can type whatever you want and it will be executed.

This probably affects other Programs. I can even switch the terminal with the default shortcuts. I guess i could also start one with CTRL+ALT+T but i need to confirm that.

I just installed the fix above. Have not rebooted though. So that might fix it.

azul (azul) wrote on 2014-04-29:

Confirmed that CTRL+ALT+T for a new terminal works.

azul (azul) wrote on 2014-04-29:

reboot did not fix it.

Marc Deslauriers (mdeslaur) wrote on 2014-04-29:

@azul: please file a new bug, that is likely a different issue.

Mateusz Stachowski (stachowski-mateusz) wrote on 2014-04-29:

@azul and @Marc I reported a new bug for the problem discovered by azul.

https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1314294

Launchpad Janitor (janitor) wrote on 2014-04-30:

This bug was fixed in the package unity - 7.2.0+14.04.20140423-0ubuntu1.1

---------------
unity (7.2.0+14.04.20140423-0ubuntu1.1) trusty-security; urgency=medium

Changed in unity (Ubuntu Utopic):
status:	In Progress → Fix Released

Marco Trevisan (Treviño) (3v1n0) on 2014-05-02

Changed in unity:
status:	In Progress → Fix Committed

Irfan Fauzan (irfan-it2988) on 2014-05-11

Changed in unity:
assignee:	Marco Trevisan (Treviño) (3v1n0) → Irfan Fauzan (irfan-it2988)

Stephen M. Webb (bregma) on 2014-06-04

Changed in unity:
status:	Fix Committed → Fix Released

Ubuntu
unity package

lock screen bypass

Bug Description

Related branches

Other bug subscribers

Ubuntuunity package

lock screen bypass

Bug Description

Related branches

Other bug subscribers

Ubuntu
unity package