Ubuntu
unity package

lock screen bypass with ctrl+alt+t

Trusty (14.04)
Bug #1314247

Bug #1314247 reported by azul on 2014-04-29

318

This bug affects 10 people

	Status	Importance	Assigned to	Milestone
Unity	Fix Released	Critical	Marco Trevisan (Treviño)	Unity 7.2.1 "14.04 SRU 1"
unity (Ubuntu)	Fix Released	Critical	Unassigned
Trusty	Fix Released	Critical	Marco Trevisan (Treviño)
Utopic	Fix Released	Critical	Unassigned

Bug Description

I can still bypass the logscreen by rightclicking the indicators some times and then pressing CTRL+ALT+t.

I lock the screen with CTRL+ALT+L.

Then i rightclick on the indicators ( volume, calendar, shutdown) a few times. I have not yet figured out if one of them is the cause... But pressing CTRL+ALT+T shortly after some of those events will open a terminal that i can type into and that will execute commands.

Related branches

lp:~3v1n0/unity/menus-grab-races-fix

Merged into lp:unity at revision 3793

Brandon Schaefer (community): Approve on 2014-04-29

Marc Deslauriers (mdeslaur) on 2014-04-29

information type:

Private Security → Public Security

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-04-29:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity (Ubuntu):
status:	New → Confirmed

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2014-04-29:

Yes, we've managed to reproduce this, and are working on a fix. Thanks.

Changed in unity (Ubuntu Trusty):
status:	New → Confirmed
importance:	Undecided → Critical
Changed in unity (Ubuntu Utopic):
importance:	Undecided → Critical
Changed in unity (Ubuntu Trusty):
assignee:	nobody → Marco Trevisan (Treviño) (3v1n0)

Marco Trevisan (Treviño) (3v1n0) on 2014-04-29

Changed in unity:
status:	New → In Progress
assignee:	nobody → Marco Trevisan (Treviño) (3v1n0)
importance:	Undecided → Critical
milestone:	none → 7.2.1

Brandon Schaefer (brandontschaefer) on 2014-04-29

Changed in unity (Ubuntu Trusty):
status:	Confirmed → In Progress

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2014-04-30:

Here's a quick status update:

We've been testing some updates to correct this issue, and they solve the problem. While testing, the original bug reporter discovered a regression in the shut down dialogue, which we will address before releasing an update.

Thank you for your patience.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-04-30:

This bug was fixed in the package unity - 7.2.0+14.04.20140423-0ubuntu1.2

---------------
unity (7.2.0+14.04.20140423-0ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: more lock screen bypass issues, and regression with
    shutdown dialog (LP: #1314247)
    - debian/patches/lp1314247.patch: improve popup menu handling in
      lockscreen/LockScreenShield.cpp, lockscreen/LockScreenPanel.cpp,
      services/panel-service.c, plugins/unityshell/src/unityshell.cpp,
      lockscreen/LockScreenController.*, shutdown/SessionController.cpp,
      tests/test_session_controller.cpp.
-- Marc Deslauriers <email address hidden> Wed, 30 Apr 2014 11:11:18 -0400

Changed in unity (Ubuntu Trusty):
status:	In Progress → Fix Released

Launchpad Janitor (janitor) on 2014-04-30

Changed in unity (Ubuntu Utopic):
status:	Confirmed → Fix Released

Marco Trevisan (Treviño) (3v1n0) on 2014-05-02

Changed in unity:
status:	In Progress → Fix Committed

Stephen M. Webb (bregma) on 2014-06-04

Changed in unity:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicates of this bug

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuunity package

lock screen bypass with ctrl+alt+t

Bug Description

Related branches

Duplicates of this bug

Other bug subscribers

Remote bug watches

Ubuntu
unity package