lock screen bypass with ctrl+alt+t

Bug #1314247 reported by azul on 2014-04-29
318
This bug affects 10 people
Affects Status Importance Assigned to Milestone
Unity
Critical
Marco Trevisan (Treviño)
unity (Ubuntu)
Critical
Unassigned
Trusty
Critical
Marco Trevisan (Treviño)
Utopic
Critical
Unassigned

Bug Description

I can still bypass the logscreen by rightclicking the indicators some times and then pressing CTRL+ALT+t.

I lock the screen with CTRL+ALT+L.

Then i rightclick on the indicators ( volume, calendar, shutdown) a few times. I have not yet figured out if one of them is the cause... But pressing CTRL+ALT+T shortly after some of those events will open a terminal that i can type into and that will execute commands.

Related branches

lp:~3v1n0/unity/menus-grab-races-fix
Brandon Schaefer: Approve on 2014-04-29
information type: Private Security → Public Security
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity (Ubuntu):
status: New → Confirmed
Marc Deslauriers (mdeslaur) wrote :

Yes, we've managed to reproduce this, and are working on a fix. Thanks.

Changed in unity (Ubuntu Trusty):
status: New → Confirmed
importance: Undecided → Critical
Changed in unity (Ubuntu Utopic):
importance: Undecided → Critical
Changed in unity (Ubuntu Trusty):
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
Changed in unity:
status: New → In Progress
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
importance: Undecided → Critical
milestone: none → 7.2.1
Changed in unity (Ubuntu Trusty):
status: Confirmed → In Progress
Marc Deslauriers (mdeslaur) wrote :

Here's a quick status update:

We've been testing some updates to correct this issue, and they solve the problem. While testing, the original bug reporter discovered a regression in the shut down dialogue, which we will address before releasing an update.

Thank you for your patience.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.2.0+14.04.20140423-0ubuntu1.2

---------------
unity (7.2.0+14.04.20140423-0ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: more lock screen bypass issues, and regression with
    shutdown dialog (LP: #1314247)
    - debian/patches/lp1314247.patch: improve popup menu handling in
      lockscreen/LockScreenShield.cpp, lockscreen/LockScreenPanel.cpp,
      services/panel-service.c, plugins/unityshell/src/unityshell.cpp,
      lockscreen/LockScreenController.*, shutdown/SessionController.cpp,
      tests/test_session_controller.cpp.
 -- Marc Deslauriers <email address hidden> Wed, 30 Apr 2014 11:11:18 -0400

Changed in unity (Ubuntu Trusty):
status: In Progress → Fix Released
Changed in unity (Ubuntu Utopic):
status: Confirmed → Fix Released
Changed in unity:
status: In Progress → Fix Committed
Stephen M. Webb (bregma) on 2014-06-04
Changed in unity:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers