Lock screen doesn't cover entire desktop on HiDPI display with draw-user-backgrounds unchecked

Bug #1666359 reported by Jeremy Nation on 2017-02-21
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
unity (Ubuntu)
High
Marco Trevisan (Treviño)
Nominated for Xenial by Marco Trevisan (Treviño)
Xenial
Undecided
Unassigned

Bug Description

Ubuntu 16.04.2 LTS using Unity
unity-greeter 16.04.2-0ubuntu1

[Impact]
On a HiDPI monitor on a Dell XPS 13 9343 laptop, if you uncheck com.canonical.unity-greeter -> draw-user-backgrounds and then lock the desktop:

Expected: the purple placeholder wallpaper should cover the entire desktop
Observed: the purple placeholder wallpaper only covers the top-left part of the desktop

I'm attaching an image showing roughly what the desktop looks like when it's locked. The green rectangle is the part covered by the purple wallpaper, the red is stuff that should not be visible when locked, and the yellow is the usual name/password entry box that is partially transparent.

I'm marking this bug as a security vulnerability because it allows someone to see part of a user's desktop even when the desktop is locked.

[Test Case]
1. Make sure to use an HiDPI monitor
2. Open terminal
3. gsettings set com.canonical.unity-greeter draw-user-backgrounds false
4. Lock the screen
5. Make sure the background is properly drawn.

[Potential Regression]
Make sure lockscreen background is drawn properly on an non-HiDPI monitor too. Also make sure that when using "draw-user-backgrounds == true" the background is properly drawn.

Related branches

Jeremy Nation (jnation) on 2017-02-21
information type: Public → Private Security
affects: unity-greeter (Ubuntu) → unity (Ubuntu)
information type: Private Security → Public Security
Changed in unity (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.5.0+17.04.20170222-0ubuntu1

---------------
unity (7.5.0+17.04.20170222-0ubuntu1) zesty; urgency=medium

  * BackgroundSettings: use gnome-bg to generate textures with proper
    scaling (LP: #1666359)

 -- Marco Trevisan (Treviño) <mail@3v1n0.net> Wed, 22 Feb 2017 01:52:54 +0000

Changed in unity (Ubuntu):
status: In Progress → Fix Released
Andrea Azzarone (azzar1) on 2017-07-17
description: updated

Hello Jeremy, or anyone else affected,

Accepted unity into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unity/7.4.5+16.04.20171116 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in unity (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed verification-needed-xenial
Jeremy Nation (jnation) wrote :

Thanks for the work on this, however I'm not willing to test the update from xenial-proposed in the base install on the laptop where I found the problem. Were any of you able to verify the fix yourselves? If necessary I can try to reproduce the problem and fix in a VM.

Łukasz Zemczak (sil2100) wrote :

Hello Jeremy, or anyone else affected,

Accepted unity into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unity/7.4.5+16.04.20171201.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers