2016-08-09 14:34:04 |
Sebastien Bacher |
description |
To replicate the bug I follow these steps:
1) Lock the session
2) In the login screen, click the password input field so the focus is in the field
3) I press the keyboard shortcut to switch language from English to Hebrew. My shortcut is just the Super key (I previously changed the keyboard shortcut to switch languages to be just the Super key, and disabled the default behavior of opening the launch pad when the Super key is pressed.)
What happens then is that for a second I can see the desktop (or any window which is currently opened) even though the session is locked, and then it flashes back to the login screen. Using a camera, an attacker can take a snap of my screen.
Ubuntu 16.04.1 LTS
Unity: 7.4.0+16.04.20160715-0ubuntu1
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: unity 7.4.0+16.04.20160715-0ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-31.50-generic 4.4.13
Uname: Linux 4.4.0-31-generic x86_64
.tmp.unity_support_test.0:
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
CompositorRunning: compiz
CompositorUnredirectDriverBlacklist: '(nouveau|Intel).*Mesa 8.0'
CompositorUnredirectFSW: true
CurrentDesktop: Unity
Date: Mon Aug 8 16:31:02 2016
DistUpgraded: Fresh install
DistroCodename: xenial
DistroVariant: ubuntu
GraphicsCard:
Intel Corporation 4 Series Chipset Integrated Graphics Controller [8086:2e12] (rev 03) (prog-if 00 [VGA controller])
Subsystem: Hewlett-Packard Company 4 Series Chipset Integrated Graphics Controller [103c:3646]
Subsystem: Hewlett-Packard Company 4 Series Chipset Integrated Graphics Controller [103c:3646]
GsettingsChanges:
b'org.compiz.core' b'outputs' b"['1280x1024+0+0']"
b'org.compiz.core' b'active-plugins' b"['core', 'composite', 'opengl', 'regex', 'resize', 'vpswitch', 'animation', 'copytex', 'imgpng', 'expo', 'unitymtgrabhandles', 'compiztoolbox', 'move', 'commands', 'wall', 'place', 'fade', 'workarounds', 'grid', 'mousepoll', 'snap', 'ezoom', 'session', 'scale', 'unityshell']"
b'com.canonical.Unity' b'minimize-count' b'15'
b'org.gnome.desktop.interface' b'gtk-im-module' b"'gtk-im-context-simple'"
b'org.gnome.desktop.interface' b'scaling-factor' b'uint32 1'
InstallationDate: Installed on 2016-08-04 (3 days ago)
InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
MachineType: Hewlett-Packard HP Compaq 8000 Elite SFF PC
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.4.0-31-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7
SourcePackage: unity
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 07/20/2011
dmi.bios.vendor: Hewlett-Packard
dmi.bios.version: 786G7 v01.13
dmi.board.name: 3646h
dmi.board.vendor: Hewlett-Packard
dmi.chassis.type: 4
dmi.chassis.vendor: Hewlett-Packard
dmi.modalias: dmi:bvnHewlett-Packard:bvr786G7v01.13:bd07/20/2011:svnHewlett-Packard:pnHPCompaq8000EliteSFFPC:pvr:rvnHewlett-Packard:rn3646h:rvr:cvnHewlett-Packard:ct4:cvr:
dmi.product.name: HP Compaq 8000 Elite SFF PC
dmi.sys.vendor: Hewlett-Packard
version.compiz: compiz 1:0.9.12.2+16.04.20160714-0ubuntu1
version.ia32-libs: ia32-libs N/A
version.libdrm2: libdrm2 2.4.67-1ubuntu0.16.04.1
version.libgl1-mesa-dri: libgl1-mesa-dri 11.2.0-1ubuntu2.1
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 11.2.0-1ubuntu2.1
version.xserver-xorg-core: xserver-xorg-core 2:1.18.3-1ubuntu2.3
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.10.1-1ubuntu2
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:7.7.0-1
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20160325-1ubuntu1
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.12-1build2
xserver.bootTime: Mon Aug 8 15:32:09 2016
xserver.configfile: default
xserver.errors:
xserver.logfile: /var/log/Xorg.0.log
xserver.outputs:
xserver.version: 2:1.18.3-1ubuntu2.3 |
To replicate the bug I follow these steps:
1) Configure your switch input to a key like Ctrl or Shift
2) Lock the session and, in the login screen, click the password input field so the focus is in the field
3) I press the keyboard shortcut to switch language from English to Hebrew. My shortcut is just the Super key (I previously changed the keyboard shortcut to switch languages to be just the Super key, and disabled the default behavior of opening the launch pad when the Super key is pressed.)
What happens then is that for a second I can see the desktop (or any window which is currently opened) even though the session is locked, and then it flashes back to the login screen. Using a camera, an attacker can take a snap of my screen.
Ubuntu 16.04.1 LTS
Unity: 7.4.0+16.04.20160715-0ubuntu1
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: unity 7.4.0+16.04.20160715-0ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-31.50-generic 4.4.13
Uname: Linux 4.4.0-31-generic x86_64
.tmp.unity_support_test.0:
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
CompositorRunning: compiz
CompositorUnredirectDriverBlacklist: '(nouveau|Intel).*Mesa 8.0'
CompositorUnredirectFSW: true
CurrentDesktop: Unity
Date: Mon Aug 8 16:31:02 2016
DistUpgraded: Fresh install
DistroCodename: xenial
DistroVariant: ubuntu
GraphicsCard:
Intel Corporation 4 Series Chipset Integrated Graphics Controller [8086:2e12] (rev 03) (prog-if 00 [VGA controller])
Subsystem: Hewlett-Packard Company 4 Series Chipset Integrated Graphics Controller [103c:3646]
Subsystem: Hewlett-Packard Company 4 Series Chipset Integrated Graphics Controller [103c:3646]
GsettingsChanges:
b'org.compiz.core' b'outputs' b"['1280x1024+0+0']"
b'org.compiz.core' b'active-plugins' b"['core', 'composite', 'opengl', 'regex', 'resize', 'vpswitch', 'animation', 'copytex', 'imgpng', 'expo', 'unitymtgrabhandles', 'compiztoolbox', 'move', 'commands', 'wall', 'place', 'fade', 'workarounds', 'grid', 'mousepoll', 'snap', 'ezoom', 'session', 'scale', 'unityshell']"
b'com.canonical.Unity' b'minimize-count' b'15'
b'org.gnome.desktop.interface' b'gtk-im-module' b"'gtk-im-context-simple'"
b'org.gnome.desktop.interface' b'scaling-factor' b'uint32 1'
InstallationDate: Installed on 2016-08-04 (3 days ago)
InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
MachineType: Hewlett-Packard HP Compaq 8000 Elite SFF PC
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.4.0-31-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7
SourcePackage: unity
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 07/20/2011
dmi.bios.vendor: Hewlett-Packard
dmi.bios.version: 786G7 v01.13
dmi.board.name: 3646h
dmi.board.vendor: Hewlett-Packard
dmi.chassis.type: 4
dmi.chassis.vendor: Hewlett-Packard
dmi.modalias: dmi:bvnHewlett-Packard:bvr786G7v01.13:bd07/20/2011:svnHewlett-Packard:pnHPCompaq8000EliteSFFPC:pvr:rvnHewlett-Packard:rn3646h:rvr:cvnHewlett-Packard:ct4:cvr:
dmi.product.name: HP Compaq 8000 Elite SFF PC
dmi.sys.vendor: Hewlett-Packard
version.compiz: compiz 1:0.9.12.2+16.04.20160714-0ubuntu1
version.ia32-libs: ia32-libs N/A
version.libdrm2: libdrm2 2.4.67-1ubuntu0.16.04.1
version.libgl1-mesa-dri: libgl1-mesa-dri 11.2.0-1ubuntu2.1
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 11.2.0-1ubuntu2.1
version.xserver-xorg-core: xserver-xorg-core 2:1.18.3-1ubuntu2.3
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.10.1-1ubuntu2
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:7.7.0-1
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20160325-1ubuntu1
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.12-1build2
xserver.bootTime: Mon Aug 8 15:32:09 2016
xserver.configfile: default
xserver.errors:
xserver.logfile: /var/log/Xorg.0.log
xserver.outputs:
xserver.version: 2:1.18.3-1ubuntu2.3 |
|