With 2 monitors, after suspending, it is possible to skip the password

Bug #1368427 reported by Gabriel Salles Rousseau Guedes on 2014-09-11
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released
Marco Trevisan (Treviño)
Fix Released
Marco Trevisan (Treviño)
unity (Ubuntu)
Marco Trevisan (Treviño)
Nominated for Trusty by Marco Trevisan (Treviño)

Bug Description

Having a notebook with an extra monitor, after suspending the session, it is possible to skip the password.
My external monitor is connected through VGA, and I am able to reproduce this bug around 70-80% of the time (I don't know if it happens with an HDMI cable).
If I try to reproduce and the bug does not happen, I need to reboot the notebook so it can happen again.
I tried with different resolutions and "rotations" for the monitor and the bug still happens.
The external monitor needs to be configured to be on the left of the notebook, or the bug will not happen.

It is so many steps to make it happen, that I made a short video explaining.


ps.; The video is "unlisted", so only with the link is accessible.

Description: Ubuntu 14.04.1 LTS
Release: 14.04

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: gnome-screensaver 3.6.1-0ubuntu13
ProcVersionSignature: Ubuntu 3.13.0-36.63-generic
Uname: Linux 3.13.0-36-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.4
Architecture: amd64
CurrentDesktop: Unity
Date: Thu Sep 11 17:49:57 2014
GnomeSessionIdleInhibited: No
GnomeSessionInhibitors: None
 org.gnome.desktop.session session-name 'ubuntu'
 org.gnome.desktop.session idle-delay uint32 1800
InstallationDate: Installed on 2014-04-12 (152 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140411)
SourcePackage: gnome-screensaver
Symptom: security
Title: Screen locking issue
UpgradeStatus: No upgrade log present (probably fresh install)

Related branches

Andrea Azzarone: Approve on 2014-09-22
PS Jenkins bot: Approve (continuous-integration) on 2014-09-20
Marco Trevisan (Treviño): Approve on 2014-12-17

Thanks for the detailed test case, we'll get a solution ASAP.

affects: gnome-screensaver (Ubuntu) → unity (Ubuntu)
Changed in unity:
status: New → Triaged
Changed in unity (Ubuntu):
status: New → Triaged
Changed in unity:
importance: Undecided → Critical
Changed in unity (Ubuntu):
importance: Undecided → Critical
Changed in unity:
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
Changed in unity (Ubuntu):
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
Changed in unity:
milestone: none → 7.3.1
Changed in unity:
status: Triaged → In Progress
Changed in unity (Ubuntu):
status: Triaged → In Progress
Changed in unity:
status: In Progress → Fix Committed
Changed in unity (Ubuntu):
status: In Progress → Fix Released

Hi Gabriel,

The fix has been just backported to ubuntu Trusty proposed channel (debs at http://launchpad.net/ubuntu/+source/unity/7.2.4+14.04.20141217-0ubuntu1), can you please enable that repo (https://wiki.ubuntu.com/Testing/EnableProposed), and verify that this bug has been fixed?



I tried yesterday night and with more effort this morning to reproduce this bug, but for me the bug is fixed (which is partially sad, because I was using as a feature when I didn't want to type the password =P).

Nice job, Marco!
Thanks! =]

Ahah.. LOL, now you're making me feeling sad cause I removed your loved secret feature... :P

Thanks for your testing!

tags: added: verification-done
Stephen M. Webb (bregma) on 2015-01-19
information type: Private Security → Public Security

The verification of the Stable Release Update for unity has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Stephen M. Webb (bregma) on 2015-02-11
Changed in unity:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers