Screen contents revealed briefly on resume, before even unlocking

Bug #1532508 reported by Nicolas_Raoul on 2016-01-10
478
This bug affects 51 people
Affects Status Importance Assigned to Milestone
GNOME Shell
In Progress
Medium
Ubuntu GNOME
Undecided
Unassigned
gdm3 (Ubuntu)
High
Unassigned
Nominated for Xenial by Marco Trevisan (Treviño)
gnome-shell (Debian)
Confirmed
Unknown
gnome-shell (Fedora)
In Progress
High
gnome-shell (Ubuntu)
High
Unassigned
Nominated for Xenial by Marco Trevisan (Treviño)
unity (Ubuntu)
High
Andrea Azzarone
Nominated for Xenial by Marco Trevisan (Treviño)
Xenial
Undecided
Unassigned

Bug Description

[Impact]

When lock is enabled, the screen doesn't get blank/covered by lockscreen before suspending, thus on early resume the content might be shown.

Video showing the bug: https://youtu.be/dDOgtK1MldI

Reproduced on Ubuntu 2015.10, Ubuntu 2014.04

[Test case]

1. Work on highly secret files
2. Close the lid of your laptop and go have a break
3. Anyone who opens the lid of the laptop can see the secret files for a half second before the lock screen appears

[Possible Regression]

Content on screen isn't painted anymore and screen stays black.

Related branches

CVE References

information type: Private Security → Public Security
Changed in unity (Ubuntu):
status: New → Confirmed
Andrea Azzarone (azzar1) wrote :

This is actually due to a graphic driver issue that we cannot workaround in unity. In xenial we reduced a bit the problem but we cannot completely remove it.

I can reproduce this issue in Ubuntu GNOME 16.04 with GNOME 3.20. Should updating the graphics driver fix the issue?

Changed in ubuntu-gnome:
status: New → Confirmed
Changed in gnome-shell (Ubuntu):
status: New → Confirmed
sunox (sunox9) wrote :

I experience this only when using compton compositor. This is on a Thinkpad T430 running Xubuntu 16.04.

Rael Gugelmin Cunha (rael-gc) wrote :

Started to happen to me on Ubuntu 16.04.2 with Intel graphics too (Dell Precision M3800). I was using 16.04 and then made a fresh install of 16.04.2

Nybo (renenybo) on 2017-04-08
information type: Public Security → Private Security
information type: Private Security → Public Security
tags: added: trusty wily xenial
Changed in gnome-shell (Debian):
status: Unknown → Confirmed
Changed in gnome-shell:
importance: Unknown → Medium
status: Unknown → In Progress
Changed in gnome-shell (Ubuntu):
importance: Undecided → High
Changed in unity (Ubuntu):
importance: Undecided → High
tags: added: zesty
Andrea Azzarone (azzar1) on 2017-09-19
Changed in unity (Ubuntu):
assignee: nobody → Andrea Azzarone (azzar1)
status: Confirmed → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.5.0+17.10.20170925.1-0ubuntu1

---------------
unity (7.5.0+17.10.20170925.1-0ubuntu1) artful; urgency=medium

  [ Andrea Azzarone ]
  * Fix build issues with gcc-7 and g++-7
  * Refactor the way UserAuthenticator is created and passed around.
    Handle failures to create new threads and fallback to a "Switch to
    greeter..." button in case of failure. (LP: #1311316)
  * Wait until the color buffer is cleared before suspending. (LP:
    #1532508)

  [ Marco Trevisan (Treviño) ]
  * Tests: split unit tests in single binaries, enable unstable tests
  * debian/rules: ignore warnings in armhf and ppc64el

 -- Marco Trevisan (Treviño) <mail@3v1n0.net> Mon, 25 Sep 2017 16:05:06 +0000

Changed in unity (Ubuntu):
status: In Progress → Fix Released
description: updated

Hello Nicolas_Raoul, or anyone else affected,

Accepted unity into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unity/7.4.5+16.04.20171116 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in unity (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed verification-needed-xenial
Łukasz Zemczak (sil2100) wrote :

Hello Nicolas_Raoul, or anyone else affected,

Accepted unity into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unity/7.4.5+16.04.20171201.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: unlock
tags: added: resume
Changed in gdm3 (Ubuntu):
status: New → Confirmed
importance: Undecided → High
summary: - Screen shown briefly after opening closed laptop lid, before even
- unlocking
+ Screen contents revealed briefly on resume, before even unlocking
Changed in gnome-shell (Fedora):
importance: Unknown → High
status: Unknown → In Progress

I hadn't noticed this bug in a while. And then suddenly yesterday (on Arch Linux) it appeared!

Doug McMahon (mc3man) wrote :

fine now in unity 7.4.5+16.04.20171201.3

tags: added: verification-done-xenial
removed: verification-needed-xenial
Doug McMahon (mc3man) on 2018-01-30
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :
Download full text (3.4 KiB)

This bug was fixed in the package unity - 7.4.5+16.04.20171201.3

---------------
unity (7.4.5+16.04.20171201.3) xenial; urgency=medium

  [ Marco Trevisan (Treviño) ]
  * InputMonitor: add an unity class that monitors XInput2 events and
    converts them to XEvent
  * EdgeBarrierController: use InputMonitor to get the barrier events
    instead of relying on its implementation
  * DecorationsMenuLayout: use input monitor for menu scrubbing (LP:
    #1614597)
  * PanelView: use InputMonitor to track menu events
  * LockScreenPanel: use InputMonitor events instead of mouse polling
    for menu scrubbing
  * MenuManager: add support for mouse trackers with triangle algorithm
    support (LP: #1618405)
  * PanelView: scale gradient refinement properly
  * PanelService: don't allow to deactivate menus if they've been opened
    too shortly
  * LockScreenController: ignore icon_paths_changed signal in
    menumanager for Lockscreen
  * LockScreenController: use InputMonitor to get all the events and
    hide the Blank Window (LP: #1321075)
  * LockScreenController: use input monitor to get the events to switch
    monitor (LP: #1316862)
  * LauncherOptions: use track_obj to manage option changes (LP:
    #1622995)
  * UnityScreen: toggle gestures recognition on lock (LP: #1645507)
  * GnomeSessionManager: add gcancellable to instance and use it for
    calls with temporary proxies
  * BackgroundSettings: use gnome-bg to generate textures with proper
    scaling (LP: #1666359)
  * UnityWindow: safely check validity of UnityWindow from scaled one
    (LP: #1659847)
  * Panel: ensure the menu-manager tracker is updated to match monitor
    (LP: #1671432)
  * compiz-profile-setter: tool to update the current profile and use in
    systemd and Unity settings (LP: #1668950)
  * BGHash, UnityScreen: get desktop averageColor from compiz
  * Launcher: disable or reduce most icon effects on lowgfx (LP:
    #1700859)
  * PanelController: ensure we disconnect from signals on destruction
    (LP: #1504870)
  * tools: add migration script to set the default values for unity-
    lowgfx profile

  [ Andrea Azzarone ]
  * Properly handle the file manager copy dialog in
    FileManagerLauncherIcon and in StorageLauncherIcon. (LP: #1575452,
    LP: #1609845)
  * Correctly position the force quit dialog when scaling is different
    than 1.0 (LP: #1637991)
  * GnomeSession: Retrieve the session id using dbus if $XDG_SESSION_ID
    is not set
  * Round gtk scaling factor to closest integer. (LP: #1649736)
  * Keep the screen locked if rebooting with autologin. (LP: #1600389)
  * Use g_mkdir_with_parents instead of mkdir.
  * Lockscreen: always draw the background-color in the lockscreen (LP:
    #1702701)
  * Refactor the way UserAuthenticator is created and passed around.
    Handle failures to create new threads and fallback to a "Switch to
    greeter..." button in case of failure. (LP: #1311316)
  * Wait until the color buffer is cleared before suspending. (LP:
    #1532508)

  [ Kai-Heng Feng ]
  * UnitySettings: If scale-factor is not set, find and set right scale
    for HiDPI displays.

  [ Eleni Maria Stea ]
  * shouldn't create blur rectangles when there's ...

Read more...

Changed in unity (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for unity has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Juha Luoma (jsluoma) wrote :

I'm still seeing this bug with fully updated 16.04. Machine is HP EliteBook G2, Intel graphics, external display attached via dock's displayport interface.

unity 7.4.5+16.04.20180221-0ubuntu1

wysiwyg31 (wysiwyg31) wrote :

also visible on 18.04 (XPS13 9370)

Cezanne Vahid (cezhunter) wrote :

Also experiencing this bug on 18.04 (XPS13 9370)

Cezanne Vahid (cezhunter) wrote :

Confirmed that this bug occurs when the user has Automatic Screen Lock turned off in Privacy settings.

Nicolas_Raoul (nicolas-raoul) wrote :

Original poster here, I confirm the bug is still present in 18.04 (work on secret files -> close laptop lid -> anyone opening the lid can sometimes see the content even without unlocking) although it happens much less frequently than in 16.04 in my personal experience.

Daniel van Vugt (vanvugt) wrote :

This bug is still open for 18.04 as indicated by:

gnome-shell (Ubuntu) Confirmed

J3K (j3k-2004) wrote :

Still experiencing this bug in Ubuntu Budgie 18.04. Shows the last (pre-hibernate) screen for a brief instant on wake, before displaying the login screen.

Thorsten (thorstenr-42) wrote :

for me this bug is only happening in 18.04 when using the X session and does not occur when using wayland

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.