Information leakage in Unity when switching between users
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Unity |
Expired
|
Undecided
|
Unassigned | ||
unity (Ubuntu) |
Expired
|
Low
|
Unassigned |
Bug Description
When switching from one logged in user to another, I'm having the Global Menu title from the previous user displayed after logging into the new user.
This happens under both of these situations:
Both User A and User B are logged in at the same time.
User A most recently used the computer and the screensaver locked the desktop.
User B selects "Switch User" in the unlock dialog and logs in as themself.
... or ...
Both User A and User B are logged in at the same time.
User A's session is unlocked and User B's account is selected from the "Switch User Account" dropdown at the upper right of the screen.
In either scenario, after User B enters their password, the Global Menu title at the top of the screen from User A's session is displayed at the top of User B's display until an event such as moving the mouse around causes the menu bar to be redrawn.
http://
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: unity 4.24.0-0ubuntu2b1
ProcVersionSign
Uname: Linux 3.0.0-13-generic x86_64
NonfreeKernelMo
.proc.driver.
.proc.driver.
.proc.driver.
NVRM version: NVIDIA UNIX x86_64 Kernel Module 280.13 Wed Jul 27 16:53:56 PDT 2011
GCC version: gcc version 4.6.1 (Ubuntu/Linaro 4.6.1-9ubuntu3)
.tmp.unity.
ApportVersion: 1.23-0ubuntu4
Architecture: amd64
CompizPlugins: [core,bailer,
CompositorRunning: compiz
Date: Tue Dec 6 22:05:37 2011
DistUpgraded: Log time: 2011-10-15 19:58:38.552557
DistroCodename: oneiric
DistroVariant: ubuntu
GraphicsCard:
nVidia Corporation GF104 [GeForce GTX 460] [10de:0e22] (rev a1) (prog-if 00 [VGA controller])
Subsystem: Micro-Star International Co., Ltd. N460GTX Cyclone 1GD5/OC [1462:2322]
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110427.1)
JockeyStatus:
xorg:nvidia_
xorg:nvidia_
ProcKernelCmdLine: BOOT_IMAGE=
SourcePackage: unity
UpgradeStatus: Upgraded to oneiric on 2011-10-16 (52 days ago)
XorgConf:
Section "Device"
Identifier "Default Device"
Option "NoLogo" "True"
EndSection
dmi.bios.date: 02/10/2011
dmi.bios.vendor: Intel Corp.
dmi.bios.version: BGP6710J.
dmi.board.
dmi.board.name: DP67BG
dmi.board.vendor: Intel Corporation
dmi.board.version: AAG10491-305
dmi.chassis.type: 3
dmi.modalias: dmi:bvnIntelCor
version.compiz: compiz 1:0.9.6+
version.ia32-libs: ia32-libs 20090808ubuntu26
version.libdrm2: libdrm2 2.4.26-1ubuntu1
version.
version.
version.
version.
version.
version.
version.
version.
version.
security vulnerability: | yes → no |
security vulnerability: | yes → no |
visibility: | private → public |
visibility: | private → public |
Changed in unity (Ubuntu): | |
importance: | Undecided → Low |
The information leakage may be very limited in scope, but it's certainly a security vulnerability.