mate-screensaver screen lock can be bypassed by power cycling monitor

Bug #1768352 reported by Fizzfadlt on 2018-05-01
This bug affects 16 people
Affects: MATE Desktop; Status: Fix Released; Importance: Unknown
Affects: mate-screensaver (Ubuntu); Importance: High; Assigned to: Martin Wimpress
Affects: Bionic; Importance: High; Assigned to: Simon Quigley

Bug Description

[Impact]

Without this fix, power cycling a monitor bypasses the screen lock. This upload also includes much improved translations.

[Test Case]

After installing this fix, run through the following procedure:
 - Lock Screen
 - Turn off monitor
 - Turn monitor on
 - Start typing

See the original bug description below for a more detailed test case.

[Regression Potential]

Since this cleans up some GdkScreen deprecations, if the underlying GdkScreen is updated, this could regress once more.

Additionally, this changes the function name for detecting if the monitor has changed and adds a new one, so if a library or package depends on the internal functions of mate-screensaver for some reason, there will be breakage.

Other than these two, the regression potential is very low.

[Original Description]

See https://github.com/mate-desktop/mate-screensaver/issues/155

Lock Screen
Turn off monitor
Turn monitor on
Start typing
Expect to see lock screen on monitor

Actual behaviour
Lock Screen
Turn off monitor
Turn monitor on
Start typing
Expect to see lock screen on monitor

Steps to reproduce the behaviour
adddate() {
   while IFS= read -r line; do
      echo "$(date) $line"
   done
}
killall mate-screensaver
mate-screensaver --no-daemon --debug 2>&1 \
  | adddate > screen.log
Wait 60 seconds
Lock screen (I used Window manager shortcut)
Wait 60 seconds
Power off monitor (soft off)
Wait 60 seconds
Power on monitor
Wait 9 seconds (that's how long it takes monitor to boot)
Can see and use screen/type/etc; it is (effectively) unlocked.

Notes/logs:
mate-screensaver-command -q reports:

after killall mate-screensaver:
Screensaver is not running!
After re-running mate-screensaver:
The screensaver is inactive
The screensaver is not inhibited
After locking (stays this way forever even while using the computer)
The screensaver is active
The screensaver is not inhibited
Same as above, annotated with logs: (attached for ease of reading)
mate-screensaver --no-daemon --debug
mate-screensaver-1.txt

Wait 60 seconds
Lock screen (I used Window manager shortcut)
mate-screensaver-2.txt

Wait 60 seconds
Power off monitor (soft off)
mate-screensaver-3.txt
dmesg-3.txt

Wait 60 seconds
Power on monitor
mate-screensaver-4.txt
dmesg-4.txt

Wait 9 seconds (that's how long it takes monitor to boot)
Can see and use screen/type/etc; it is (effectively) unlocked.
dmesg-5.txt

(there is no dmesg-1.txt or dmesg-2.txt or mate-screensaver-5.txt (blank during that time))

Troubleshooting
This occurred on two machines.

Home Machine
Problem occurred on Ubuntu 16.04 (do not have logs unfortunately)
Unsure what version of mate it was at the time
If relevant
monitor was 2560x1600
Uses nvidia drivers
Upgrading to Ubuntu 18.04 (which upgraded mate to 1.20.0) fixed the problem on home machine.
Work Machine
Problem occurred on Ubuntu 17.10 (mate 1.18) (do not have logs unfortunately)
Upgrading to Ubuntu 18.04 (mate 1.20.0) did NOT fix the problem.
If relevant
monitor is 3840x2160
Problem still occurs if I switch to different resolution
Has no dedicated video card/using intel onboard graphics
monitor is a USB hub.. problem still reproduces if I disconnect the usb cable and have the keyboard connected some other way.
Please let me know what other logs/steps may be useful.

MATE general version
1.20.0

Package version
mate-screensaver 1.20.0-1
See attached
mate-packages.txt
for full list of all mate-related package versions

Linux Distribution
Ubuntu 18.04

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: mate-screensaver 1.20.0-1
ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
Uname: Linux 4.15.0-20-generic x86_64
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
CurrentDesktop: MATE
Date: Tue May 1 13:56:54 2018
ExecutablePath: /usr/bin/mate-screensaver
InstallationDate: Installed on 2018-02-22 (67 days ago)
InstallationMedia: Ubuntu-MATE 17.10 "Artful Aardvark" - Release amd64 (20180106)
ProcEnviron:
 XDG_RUNTIME_DIR=<set>
 SHELL=/usr/bin/fish
 LANGUAGE=en_US
 PATH=(custom, user)
 LANG=en_US.UTF-8
SourcePackage: mate-screensaver
UpgradeStatus: No upgrade log present (probably fresh install)

Fizzfadlt (fizzfaldt) wrote :

Output of mate-screensaver --debug
before locking

Fizzfadlt (fizzfaldt) wrote :

Output of mate-screensaver after locking screen

Fizzfadlt (fizzfaldt) wrote :

output of mate-screensaver after powering off (soft off) monitor

Fizzfadlt (fizzfaldt) wrote :

Output of dmesg after powering off (soft off) monitor

Fizzfadlt (fizzfaldt) wrote :

output of mate-screensaver after powering monitor back on

Fizzfadlt (fizzfaldt) wrote :

Output of dmesg after powering monitor back on

Fizzfadlt (fizzfaldt) wrote :

Output of dmesg after monitor finishes booting (and I can now use the screen as if it wasn't locked)

Fizzfadlt (fizzfaldt) wrote :

Re: "UpgradeStatus: No upgrade log present (probably fresh install)"
I didn't use `do-release-upgrade` by mistake.
I changed `artful` to `bionic` in sources.list and slowly did dist-upgrade carefully. I didn't realize that would actually be considered an upgrade and I could not do `do-release-upgrade` afterwards.

Please let me know if there is anything I can add (from work or home machine) that might help track this down.

Seth Arnold (seth-arnold) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in mate-desktop:
status: Unknown → Incomplete
Changed in mate-screensaver (Ubuntu):
status: New → Incomplete
Changed in mate-desktop:
status: Incomplete → New
Fizzfadlt (fizzfaldt) wrote :

Can you help me make this bug public, so that the upstream bug can refer to information here?
I can't see how to do that.

Seth Arnold (seth-arnold) wrote :

Thanks Fizzfadlt, I forgot this script doesn't set the bug public. I've done so now. (The trick is the "private security" link in the upper right hand corner -- change that to "public security".)

Thanks

information type: Private Security → Public Security
Changed in mate-desktop:
status: New → Fix Released

This is fixed in Ubuntu MATE 18.10 via mate-screensaver 1.20.2-1 which we will SRU to 18.04.

Changed in mate-screensaver (Ubuntu):
status: Incomplete → Fix Released
Changed in mate-screensaver (Ubuntu Bionic):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Martin Wimpress (flexiondotorg)
Changed in mate-screensaver (Ubuntu):
importance: Undecided → High
assignee: nobody → Martin Wimpress (flexiondotorg)
KennoVO (kenno-xs4all) wrote :

Any progress on fixing this in the LTS version?

AFAIC this is a pretty high-profile security issue, and it may not be very prudent to leave open for months after it's fixed upstream. Imagine the storm of bad press if Microsoft or Apple were to pull something like this - or even if this bug report catches the eye of the wrong people...

Simon Quigley (tsimonq2) wrote :

The best solution is to backport the release currently in Cosmic and Disco, because these are just bugfixes.

Simon Quigley (tsimonq2) on 2018-11-27
description: updated
Simon Quigley (tsimonq2) on 2018-11-28
Changed in mate-screensaver (Ubuntu Bionic):
assignee: Martin Wimpress (flexiondotorg) → Simon Quigley (tsimonq2)
Steve Langasek (vorlon) wrote :

Test case for SRU should include reproducing the original problem that you are trying to fix, and not refer elsewhere for a "more detailed test case".

I think there should also be some exploratory testing here of related behavior around multiple monitor handling and unlocking, given the size of the delta.

Changed in mate-screensaver (Ubuntu Bionic):
status: Triaged → Incomplete
Philippe (philippe734) wrote :

I had this problem today with a TV plugged into HDMI on 18.04.1 Mate (mate-screensaver 1.20.0-1). How to track the progress of the patch in SRU 18.04? How to check that a machine with 18.04 will be patched?
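
A version check of the kind asked about above, as an added example that is not part of the original report or its comments: it classifies a mate-screensaver package version against 1.20.2, the release this report names as carrying the fix. The function names and any sample versions other than 1.20.0-1 and 1.20.2-1 are assumptions, and only the upstream part of the version is compared.

```shell
#!/bin/sh
# Added example (not from the bug report): decide whether a mate-screensaver
# package version already contains the fix for the monitor power-cycle bypass.
# Assumption: 1.20.2 is the first fixed upstream release ("fixed ... via 1.20.2-1").
FIXED_UPSTREAM="1.20.2"

# upstream_of VERSION: drop an epoch ("1:") and the Debian revision ("-1...").
upstream_of() {
    v=${1#*:}
    printf '%s\n' "${v%-*}"
}

# version_ge A B: succeed when dotted numeric version A >= B.
# Non-numeric suffixes ("2+git", "2~rc1") are ignored, unlike full dpkg ordering.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# classify VERSION: print "fixed", "vulnerable" or "not-installed".
classify() {
    if [ -z "$1" ]; then echo "not-installed"; return 0; fi
    if version_ge "$(upstream_of "$1")" "$FIXED_UPSTREAM"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# With no arguments, check this host through dpkg-query; otherwise classify
# the versions given on the command line (for example from an inventory list).
if [ "$#" -eq 0 ] && command -v dpkg-query >/dev/null 2>&1; then
    set -- "$(dpkg-query -W -f='${Version}' mate-screensaver 2>/dev/null || true)"
fi
for ver in "$@"; do
    printf 'mate-screensaver %s: %s\n' "${ver:-<none>}" "$(classify "$ver")"
done
```

A "fixed" result only means the package is at or past 1.20.2; a mate-screensaver process started before the upgrade keeps running the old binary until it is restarted.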

Philippe (philippe734) wrote :

Same issue with DisplayPort (Blank lockscreen, unplug the display cable, wakeup lockscreen, plug cable to bypass).

Eugene Seppel (seppel) wrote :

So what's up with this security issue?
I've reported it to mate-desktop and they say that it is up to Ubuntu maintainers to release fixed version.
https://github.com/mate-desktop/mate-screensaver/issues/180
It is a critical security issue and I had to switch to different window manager on my work laptop because this issue places my work laptop and thus my employer at risk. Require update for Ubuntu 18.04 ASAP!

Seth Arnold (seth-arnold) wrote :

Hello Eugene, are you in a position to be able to prepare an update for this issue?

You can find some more information on preparing a debdiff for sponsorship at https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Thanks

Seth Arnold (seth-arnold) wrote :

Oh! Simon has already prepared an update, it just needs someone to test it and report that it works:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

Can anyone here test and report back if this update addresses the issue and doesn't introduce new problems?

Thanks

Jan Teluch (dehumanizer) wrote :

I can confirm the updated mate-screensaver fixes the issue (somehow). There is still maybe a half-second blink of visible desktop when I disconnect an external monitor from HDMI port while the screen is locked. After that, the screen is properly locked. Still, the quick blink of desktop is a security issue and it might also be possible for a malicious hacker to insert a USB device which emulates keyboard and might kill the screensaver completely while the screen blinks.

An upload of mate-screensaver to bionic-proposed has been rejected from the upload queue for the following reason: "rejected due to lack of adequate SRU test case as requested on the bug".
