[Trusty / Unity] Desktop got unlocked on its own.

Bug #1410582 reported by Jennifer Pan on 2015-01-13
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Unity
Fix Released
Critical
Andrea Azzarone
7.2
Fix Released
Critical
Andrea Azzarone
unity (Ubuntu)
Critical
Andrea Azzarone
Trusty
Critical
Stephen M. Webb

Bug Description

[Impact]

Certain code paths may cause the Unity lockscreen to crash, which can allow the screen to be unlocked without a password entry.

[Test Case]

Unfortunately this bug only appears under certain race conditions and is not reliably reproduce able.

[Regression Potential]

The change in the code simply assumes that if a screen is already locked, then it is lockable this avoiding certain operations that are inherently racy. It is possible that this fix does not avoid all possible crash conditions in the lockscreen and there may still be unaccounted-for crashes in the lockscreen.

[Other Info]

This fix was cherry picked for Ubuntu 14.04 LTS from the Ubuntu "Vivid Vervet" dev release where it has been in testing for some time.

Related branches

Andrea Azzarone (azzar1) wrote :

Is that the complete stacktrace or do you have something more?

Jennifer Pan (jenpan) wrote :
Download full text (8.0 KiB)

   Yes. Here is the output when I ran apport-retrace. Sorry that I can't attach the crash file as it includes some user information. I was a bit careful about not to accidentally include any user info.
==========================================================================
apport-retrace -s -R _usr_bin_compiz.19532.crash
==========================================================================
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./compiz_1:0.9.11.3+14.04.20141104-0ubuntu1.dsc
dpkg-source: info: extracting compiz in compiz-0.9.11.3+14.04.20141104
dpkg-source: info: unpacking compiz_0.9.11.3+14.04.20141104.orig.tar.gz
dpkg-source: info: applying compiz_0.9.11.3+14.04.20141104-0ubuntu1.diff.gz
--- stack trace ---
#0 0x00007ff17ed06608 in ?? () from /usr/lib/x86_64-linux-gnu/gio/modules/libdconfsettings.so
No symbol table info available.
#1 0x00007ff17ed06cf3 in ?? () from /usr/lib/x86_64-linux-gnu/gio/modules/libdconfsettings.so
No symbol table info available.
#2 0x00007ff17ed04e2d in ?? () from /usr/lib/x86_64-linux-gnu/gio/modules/libdconfsettings.so
No symbol table info available.
#3 0x00007ff17f3fdd02 in g_settings_backend_read (backend=<optimized out>, key=key@entry=0xab011c0 "/org/gnome/desktop/lockdown/disable-lock-screen", expected_type=0x7ff1877135a0 <g_variant_type_info_basic_chars>, default_value=default_value@entry=0) at /build/buildd/glib2.0-2.40.2/./gio/gsettingsbackend.c:701
        value = <optimized out>
#4 0x00007ff17f401c7b in g_settings_read_from_backend (settings=settings@entry=0x7ff13800a570, key=key@entry=0x7fffdde9c920, user_value_only=user_value_only@entry=0, default_value=default_value@entry=0) at /build/buildd/glib2.0-2.40.2/./gio/gsettings.c:1052
        value = <optimized out>
        fixup = <optimized out>
        path = 0xab011c0 "/org/gnome/desktop/lockdown/disable-lock-screen"
#5 0x00007ff17f402e7a in g_settings_get_value (settings=0x7ff13800a570, key=0x2087618 "disable-lock-screen") at /build/buildd/glib2.0-2.40.2/./gio/gsettings.c:1092
        skey = {schema = 0x7ff13c017a80, name = 0x4b2fa7c "disable-lock-screen", is_flags = 0, is_enum = 0, strinfo = 0x0, strinfo_length = 0, unparsed = 0x0, lc_char = 0 '\000', type = 0x7ff1877135a0 <g_variant_type_info_basic_chars>, minimum = 0x0, maximum = 0x0, default_value = 0xb9c5b30, ref_count = 0}
        value = <optimized out>
        __FUNCTION__ = "g_settings_get_value"
#6 0x00007ff17f403cfb in g_settings_get_boolean (settings=<optimized out>, key=<optimized out>) at /build/buildd/glib2.0-2.40.2/./gio/gsettings.c:1904
        value = <optimized out>
        result = <optimized out>
#7 0x00007ff167992ed9 in unity::session::GnomeManager::CanLock() const () from /usr/lib/libunity-core-6.0.so.9
No symbol table info available.
#8 0x00007ff16799429d in unity::session::GnomeManager::Impl::LockScreen(bool) () from /usr/lib/libunity-core-6.0.so.9
No symbol table info available.
#9 0x00007ff169591fb7 in ?? () from /usr/lib/compiz/libunityshell.so
No symbol table info available.
#10 0x00007ff16798e14a in unity::glib::Source::SourceCallback(void*) () from /usr/lib/libunity-core-6.0.so.9
No symbol t...

Read more...

Andrea Azzarone (azzar1) wrote :

Ok, likely the gsettings schema gets corrupted or something like that. I already proposed a fix to avoid the crashing when the screen is locked.

Changed in unity:
status: New → Triaged
Changed in unity (Ubuntu):
status: New → In Progress
Changed in unity:
status: Triaged → In Progress
importance: Undecided → High
assignee: nobody → Andrea Azzarone (andyrock)
importance: High → Critical
Changed in unity (Ubuntu):
assignee: nobody → Andrea Azzarone (andyrock)
Andrea Azzarone (azzar1) on 2015-01-14
Changed in unity:
milestone: none → 7.3.1
Jennifer Pan (jenpan) on 2015-01-15
information type: Private Security → Public Security
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.3.1+15.04.20150115-0ubuntu1

---------------
unity (7.3.1+15.04.20150115-0ubuntu1) vivid; urgency=low

  [ Ubuntu daily release ]
  * New rebuild forced

  [ Andrea Azzarone ]
  * Disable Pointer Barriers during lockscreen. (LP: #1401911)
  * Use std::weak_ptr to avoid referencing an invalid barrier. (LP:
    #1238063)
  * Enable dash and hud if there is a fullscreen window. (LP: #1159249,
    #860970)
  * Show session dialog over fullscreen windows. (LP: #1404486)
  * Avoid running pontentially dangerous code paths when the screen is
    locked. (LP: #1410582)

  [ Marco Trevisan (Treviño) ]
  * MenuManager: make sure menus are always shown when mouse is over
    them or when the always-show-menus option is on (LP: #955193,
    #1390562, #1374942, #1312137)
 -- Ubuntu daily release <email address hidden> Thu, 15 Jan 2015 15:03:31 +0000

Changed in unity (Ubuntu):
status: In Progress → Fix Released
Andrea Azzarone (azzar1) wrote :

@Jennifer a fix has been released in Ubuntu 15.04. You need to wait the next SRU (few months likely) to get this fix in 14.04 LTS.

Jennifer Pan (jenpan) wrote :

Greatly appreciate your work.

Andrea Azzarone (azzar1) on 2015-01-17
Changed in unity:
status: In Progress → Fix Committed
Nekhelesh Ramananthan (nik90) wrote :

@Andrea, considering that this is a potential security bug where a ubuntu desktop gets unlocked on its own, wouldn't it be recommended to issue an update asap instead of with the next SRU?

Stephen M. Webb (bregma) on 2015-02-11
Changed in unity:
status: Fix Committed → Fix Released
Stephen M. Webb (bregma) on 2015-03-17
Changed in unity (Ubuntu Trusty):
status: New → In Progress
Changed in unity (Ubuntu):
importance: Undecided → Critical
Changed in unity (Ubuntu Trusty):
importance: Undecided → Critical
assignee: nobody → Stephen M. Webb (bregma)
description: updated

Hello Jennifer, or anyone else affected,

Accepted unity into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unity/7.2.4+14.04.20150316-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in unity (Ubuntu Trusty):
status: In Progress → Fix Committed
tags: added: verification-needed
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.2.4+14.04.20150316-0ubuntu1

---------------
unity (7.2.4+14.04.20150316-0ubuntu1) trusty; urgency=medium

  [ Andrea Azzarone ]
  * Avoid running potentially dangerous code paths when the screen is
    locked. (LP: #1410582)
  * Ungrab the shoutdown dialog as soon as possible. (LP: #1398287)
  * Use COMPIZ_METAKEY where needed. (LP: #1363534)
  * disabled Pointer Barriers during lockscreen (LP: #1401911)
  * disabled markup for VolumeLauncherIcon quicklist menu items (LP:
    #1413411)
  * enable Dash, Hud, and session dialogs over full screen window (LP:
    #1159249, #860970, #1413773, #1404486)
  * made unity unlockable if user is in nopsswdlogin group (LP:
    #1413790)
  * skipped the animation of BGHash on startup to prevent unwanted fade-
    in (LP: #1241757)

  [ Luke Yelavich ]
  * extended accessible exploration of the Dash dynamic content (LP:
    #1066157)

  [ Marco Trevisan (Treviño) ]
  * MenuManager: make sure menus are always shown when mouse is over
    them or when the always-show-menus option is on (LP: #955193,
    #1390562, #1374942, #1312137)
  * PanelService: use gdbus to notfy upstart of service start/stop (LP:
    #1302955)
 -- CI Train Bot <email address hidden> Mon, 16 Mar 2015 17:30:35 +0000

Changed in unity (Ubuntu Trusty):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for unity has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers