Ubuntu
unity package

lock screen bypass with ctrl+alt+t

  1. Trusty (14.04)
  2. Bug #1314247
Bug #1314247 reported by azul on 2014-04-29
318
This bug affects 10 people
Affects Status Importance Assigned to Milestone
Unity
Fix Released
Critical
Marco Trevisan (Treviño)
Unity 7.2.1 "14.04 SRU 1"
unity (Ubuntu)
Fix Released
Critical
Unassigned
Trusty
Fix Released
Critical
Marco Trevisan (Treviño)
Utopic
Fix Released
Critical
Unassigned
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

I can still bypass the logscreen by rightclicking the indicators some times and then pressing CTRL+ALT+t.

I lock the screen with CTRL+ALT+L.

Then i rightclick on the indicators ( volume, calendar, shutdown) a few times. I have not yet figured out if one of them is the cause... But pressing CTRL+ALT+T shortly after some of those events will open a terminal that i can type into and that will execute commands.

Related branches

lp:~3v1n0/unity/menus-grab-races-fix
Brandon Schaefer (community): Approve on 2014-04-29
Diff: 75 lines (+27/-10)
3 files modified
lockscreen/LockScreenPanel.cpp (+7/-0)
lockscreen/LockScreenShield.cpp (+1/-0)
services/panel-service.c (+19/-10)
Marc Deslauriers (mdeslaur) on 2014-04-29
information type: Private Security → Public Security
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity (Ubuntu):
status: New → Confirmed
Marc Deslauriers (mdeslaur) wrote :

Yes, we've managed to reproduce this, and are working on a fix. Thanks.

Changed in unity (Ubuntu Trusty):
status: New → Confirmed
importance: Undecided → Critical
Changed in unity (Ubuntu Utopic):
importance: Undecided → Critical
Changed in unity (Ubuntu Trusty):
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
Marco Trevisan (Treviño) (3v1n0) on 2014-04-29
Changed in unity:
status: New → In Progress
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
importance: Undecided → Critical
milestone: none → 7.2.1
Brandon Schaefer (brandontschaefer) on 2014-04-29
Changed in unity (Ubuntu Trusty):
status: Confirmed → In Progress
Marc Deslauriers (mdeslaur) wrote :

Here's a quick status update:

We've been testing some updates to correct this issue, and they solve the problem. While testing, the original bug reporter discovered a regression in the shut down dialogue, which we will address before releasing an update.

Thank you for your patience.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.2.0+14.04.20140423-0ubuntu1.2

---------------
unity (7.2.0+14.04.20140423-0ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: more lock screen bypass issues, and regression with
    shutdown dialog (LP: #1314247)
    - debian/patches/lp1314247.patch: improve popup menu handling in
      lockscreen/LockScreenShield.cpp, lockscreen/LockScreenPanel.cpp,
      services/panel-service.c, plugins/unityshell/src/unityshell.cpp,
      lockscreen/LockScreenController.*, shutdown/SessionController.cpp,
      tests/test_session_controller.cpp.
 -- Marc Deslauriers <email address hidden> Wed, 30 Apr 2014 11:11:18 -0400

Changed in unity (Ubuntu Trusty):
status: In Progress → Fix Released
Launchpad Janitor (janitor) on 2014-04-30
Changed in unity (Ubuntu Utopic):
status: Confirmed → Fix Released
Marco Trevisan (Treviño) (3v1n0) on 2014-05-02
Changed in unity:
status: In Progress → Fix Committed
Stephen M. Webb (bregma) on 2014-06-04
Changed in unity:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Duplicates of this bug

Subscribing...

Other bug subscribers