Lock screen bypassed by switching to console and then back to GUI

Bug #1552537 reported by hussain on 2016-03-03
This bug affects 2 people
Affects: unity (Ubuntu) | Importance: Critical | Assigned to: Andrea Azzarone
Affects: Trusty | Importance: Critical | Assigned to: Unassigned

Bug Description

[Impact]

When I lock the screen, I found that switching to console and then using ctrl+alt+F7 to switch back to GUI bypasses the lock screen without typing any password. Even when I click on switch user after locking the screen, if I replicate the same process it takes me to the locked user account without prompting for a password.

[Test Case]

- Make sure On Screen Keyboard is enabled under Universal Access in System
  Settings
- Lock the screen either from the GUI or even using a terminal command.
- Switch to a tty, i.e. ctrl + alt + F4
- Switch back to the GUI: ctrl + alt + F7

Ubuntu 15.10.
Unity desktop.

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: lightdm 1.16.7-0ubuntu1
ProcVersionSignature: Ubuntu 4.2.0-27.32-generic 4.2.8-ckt1
Uname: Linux 4.2.0-27-generic x86_64
ApportVersion: 2.19.1-0ubuntu5
Architecture: amd64
CurrentDesktop: Unity
Date: Thu Mar 3 07:19:08 2016
InstallationDate: Installed on 2015-11-09 (114 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
SourcePackage: lightdm
UpgradeStatus: No upgrade log present (probably fresh install)

hussain (abuznb195) wrote :
information type: Private Security → Public Security
hussain (abuznb195) on 2016-03-03
description: updated
affects: lightdm (Ubuntu) → unity (Ubuntu)
Seth Arnold (seth-arnold) wrote :

I can't reproduce this; do you perhaps have any of the settings allowing logging in without password or unlocking/resuming without a password configured? Poke around the System Settings, in the brightness and lock, security and privacy, and user account tabs.

Thanks

Changed in unity (Ubuntu):
status: New → Incomplete
hussain (abuznb195) wrote :

All the settings are set to require a password, and sure enough it does prompt for a password, but it can be bypassed by the steps I mentioned.

I just reproduced it on latest Xenial.

Changed in unity (Ubuntu):
status: Incomplete → Confirmed
Seth Arnold (seth-arnold) wrote :

Peeter, Hussain, could you guys give some directions on how to reproduce this issue after a fresh install into a VM?

Thanks

hussain, Peeter, can you reproduce that regularly, every time?

Before doing the tty switch, please in a terminal run:
  gdbus monitor --system --dest org.freedesktop.login1 &
  gdbus monitor --session --dest com.canonical.Unity

And let us know what happens

hussain (abuznb195) wrote :

I don't know what happened, but my problem was solved after I did the following:

I tried changing the lock screen to something that looks similar to the login greeter. At first it didn't work.
After a while I had a problem with the panel and launcher not showing up in my account. So I created a new user and I was surprised that the lock screen change worked. So I tried to bypass the lock screen and I discovered that I can't do it anymore.

In answer to your question: yes I could reproduce it every single time before changing the lock screen.

Ouch... Having a broken system would have been good for debugging.

Alex (athewsey) wrote :

I'm currently experiencing this on 15.10. Any data I can provide to help?

Alex, could you do what I've explained on comment #6 (https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1552537/comments/6).

Also providing your auth.log could help.


Marco, I can reproduce that with 100% reliability on my 16.04 beta (with all the updates installed). When I see the auth dialog (i.e. after locking the screen or returning from sleep), I hit ctrl+alt+F6 ctrl+alt+F7 and gain access to my system. During the process, nothing at all gets added to /var/log/auth.log

user@host:~$ gdbus monitor --system --dest org.freedesktop.login1 & gdbus monitor --session --dest com.canonical.Unity
[1] 26646
Monitoring signals from all objects owned by org.freedesktop.login1
The name org.freedesktop.login1 is owned by :1.4
Monitoring signals from all objects owned by com.canonical.Unity
The name com.canonical.Unity is owned by :1.14
/org/freedesktop/login1/session/c2: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.Session', {'IdleHint': <true>, 'IdleSinceHint': <uint64 1459227675096697>, 'IdleSinceHintMonotonic': <uint64 11646057942>}, @as [])
/org/freedesktop/login1/seat/seat0: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.Seat', {'IdleHint': <true>, 'IdleSinceHint': <uint64 1459227675096697>, 'IdleSinceHintMonotonic': <uint64 11646057942>}, @as [])
/org/freedesktop/login1/user/_1000: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.User', {'IdleHint': <true>, 'IdleSinceHint': <uint64 1459227675096697>, 'IdleSinceHintMonotonic': <uint64 11646057942>}, @as [])
/org/freedesktop/login1: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.Manager', {'IdleHint': <true>, 'IdleSinceHint': <uint64 1459227675096697>, 'IdleSinceHintMonotonic': <uint64 11646057942>}, @as [])
/org/freedesktop/login1/session/c2: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.Session', {'Active': <false>}, @as [])
/org/freedesktop/login1/seat/seat0: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.Seat', {'ActiveSession': <('', objectpath '/')>}, @as [])
/org/freedesktop/login1/session/c2: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.Session', {'Active': <true>}, @as [])
/org/freedesktop/login1/seat/seat0: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.Seat', {'ActiveSession': <('c2', objectpath '/org/freedesktop/login1/session/c2')>}, @as [])
/org/freedesktop/login1/session/c2: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.Session', {'IdleHint': <false>, 'IdleSinceHint': <uint64 1459227691145076>, 'IdleSinceHintMonotonic': <uint64 11662106321>}, @as [])
/org/freedesktop/login1/seat/seat0: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.Seat', {'IdleHint': <false>, 'IdleSinceHint': <uint64 1459227691145076>, 'IdleSinceHintMonotonic': <uint64 11662106321>}, @as [])
/org/freedesktop/login1/user/_1000: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.User', {'IdleHint': <false>, 'IdleSinceHint': <uint64 1459227691145076>, 'IdleSinceHintMonotonic': <uint64 11662106321>}, @as [])
/org/freedesktop/login1: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.Manager', {'IdleHint': <false>, 'IdleSinceHint': <uint64 1459227691145076>, ...

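One way to read the capture above, as an added example that is not part of the thread or of Unity's code: it picks out the tty round trip (the session losing and regaining Active) and, since gdbus monitor prints no timestamps, uses the IdleSinceHint value that follows to get a wall-clock time to compare against /var/log/auth.log. The function name and the regular expressions are this example's own, and only the line format shown in the capture is handled.

```python
import re
from datetime import datetime, timezone

# Lines copied from the gdbus capture in the comment above.
CAPTURE = """\
/org/freedesktop/login1/session/c2: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.Session', {'Active': <false>}, @as [])
/org/freedesktop/login1/seat/seat0: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.Seat', {'ActiveSession': <('', objectpath '/')>}, @as [])
/org/freedesktop/login1/session/c2: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.Session', {'Active': <true>}, @as [])
/org/freedesktop/login1/seat/seat0: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.Seat', {'ActiveSession': <('c2', objectpath '/org/freedesktop/login1/session/c2')>}, @as [])
/org/freedesktop/login1/session/c2: org.freedesktop.DBus.Properties.PropertiesChanged ('org.freedesktop.login1.Session', {'IdleHint': <false>, 'IdleSinceHint': <uint64 1459227691145076>, 'IdleSinceHintMonotonic': <uint64 11662106321>}, @as [])
"""

LINE = re.compile(
    r"^(?P<path>/\S+): org\.freedesktop\.DBus\.Properties\.PropertiesChanged "
    r"\('(?P<iface>[^']+)', \{(?P<props>.*)\}, @as \[\]\)$")
ACTIVE = re.compile(r"'Active': <(true|false)>")
IDLE = re.compile(r"'IdleHint': <(true|false)>")
SINCE = re.compile(r"'IdleSinceHint': <uint64 (\d+)>")


def vt_round_trips(capture):
    """List sessions that lost and then regained Active (VT switch and back)."""
    # resumed_utc is the first IdleHint=false change after the return;
    # IdleSinceHint is in microseconds since the epoch (CLOCK_REALTIME).
    away, pending, trips = set(), {}, []
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["iface"] != "org.freedesktop.login1.Session":
            continue  # other interfaces and truncated lines are skipped
        sid = m["path"].rsplit("/", 1)[-1]
        active = ACTIVE.search(m["props"])
        if active and active[1] == "false":
            away.add(sid)
        elif active and sid in away:
            away.discard(sid)
            pending[sid] = {"session": sid, "resumed_utc": None}
            trips.append(pending[sid])
        idle, since = IDLE.search(m["props"]), SINCE.search(m["props"])
        if sid in pending and idle and idle[1] == "false" and since:
            stamp = datetime.fromtimestamp(int(since[1]) // 10**6, tz=timezone.utc)
            pending.pop(sid)["resumed_utc"] = stamp.isoformat()
    return trips


if __name__ == "__main__":
    for trip in vt_round_trips(CAPTURE):
        print(trip)
```

A round trip whose resumed_utc has no matching authentication entry in auth.log around that time is the pattern the comment above describes.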

Changed in unity (Ubuntu):
importance: Undecided → Medium
Andrea Azzarone (azzar1) wrote :

Can you please check if in the system settings the "On Screen Keyboard" is enabled?

Changed in unity (Ubuntu):
importance: Medium → Critical
hussain (abuznb195) wrote :

When I had the problem, On Screen Keyboard was enabled. And it shows up upon signing in.

Checked. On my system, the bug only manifests itself when on-screen keyboard (onboard) is enabled.

Andrea Azzarone (azzar1) wrote :

Ok, a fix has already been proposed. Thanks.

Changed in unity (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → Andrea Azzarone (azzar1)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.4.0+16.04.20160415-0ubuntu1

---------------
unity (7.4.0+16.04.20160415-0ubuntu1) xenial; urgency=medium

  [ Andrea Azzarone ]
  * Do not use pointers to LazyLoadTextures. (LP: #1569100)
  * Fix unity script crash. (LP: #1566565)
  * LockscreenController: Don't use SetActivate(False) for gnome-
    screensaver to prevent unlocking on tty switch. It will not only
    deactivate the screensaver but also unlock the screen. (LP:
    #1552537)
  * unityshell.xml: Fix typo (LP: #1559427)

 -- Marco Trevisan (Treviño) <mail@3v1n0.net> Fri, 15 Apr 2016 05:33:08 +0000

Changed in unity (Ubuntu):
status: In Progress → Fix Released

Hello hussain, or anyone else affected,

Accepted unity into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unity/7.2.6+14.04.20160408-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in unity (Ubuntu Trusty):
status: New → Fix Committed
tags: added: verification-needed
Changed in unity (Ubuntu Trusty):
importance: Undecided → Critical

Can anyone test this for the Trusty SRU?

description: updated
Mathew Hodson (mathew-hodson) wrote :

I reproduced this issue in Trusty, but it is still broken with unity/7.2.6+14.04.20160408-0ubuntu1

Another issue I found is that while On Screen Keyboard is enabled, the Lock shortcut doesn't work and neither does selecting Lock from the menu or when logging out.

To test, what I did was switch to Guest Session and then log out to get to the lock screen.

$ apt list --installed unity unity-services libunity-core-6.0-9
Listing... Done
libunity-core-6.0-9/now 7.2.6+14.04.20160408-0ubuntu1 amd64 [installed,local]
unity/now 7.2.6+14.04.20160408-0ubuntu1 amd64 [installed,local]
unity-services/now 7.2.6+14.04.20160408-0ubuntu1 amd64 [installed,local]

tags: added: verification-failed
removed: verification-needed
Andrea Azzarone (azzar1) wrote :

@Mathew I cannot understand from your comment if you marked the bug as verification-failed because you failed to lock the screen or because you can bypass it as described in the description.

Mathew Hodson (mathew-hodson) wrote :

I was able to bypass the lockscreen as described in the description.

The lock command failing is another issue that appeared for me when On Screen Keyboard is enabled. I mentioned it because it makes the test somewhat different. I was still able to test the bypass by switching to Guest Session and then logging out to get to the lock screen.

Andrea Azzarone (azzar1) wrote :

Are you sure you are running the last version? Did you restart (actually a logout is enough) after the upgrade?

Mathew Hodson (mathew-hodson) wrote :

I did do a system restart before I tested, and I was using unity/7.2.6+14.04.20160408-0ubuntu1 from -proposed.

Martin Pitt (pitti) wrote :

So this is "just" this bug not being fixed still, but not actually a regression. I'll release this update to fix bug 1568031 and will then reopen this.

The verification of the Stable Release Update for unity has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.2.6+14.04.20160408-0ubuntu1

---------------
unity (7.2.6+14.04.20160408-0ubuntu1) trusty; urgency=medium

  [ Andrea Azzarone ]
  * Don't use SetActivate from gnome-screensaver as it will not only
    deactivate the screensaver but also unlock the screen. (LP:
    #1552537)
  * Improve the "lock on suspend" logic to always keep in sync the
    inhibitor with the lockscreen. (LP: #1568031)

 -- Marco Trevisan (Treviño) <mail@3v1n0.net> Fri, 08 Apr 2016 16:34:44 +0000

Changed in unity (Ubuntu Trusty):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

Reopening trusty task, see above. Sorry for the "fix released" noise, this cannot be avoided due to releasing the package for the other bug.

Changed in unity (Ubuntu Trusty):
status: Fix Released → Triaged
tags: removed: verification-failed
This report contains Public Security information.
Everyone can see this security related information.
