desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #148409
[Bug 1515662] Re: Major security issue with light-locker - console switching gives access to other screens for a few seconds
I've subscribed the light-locker devs team so that they're aware.
Note that bug 1473904 and bug 1440499 are similar light-locker bypass
issues.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1515662
Title:
Major security issue with light-locker - console switching gives
access to other screens for a few seconds
Status in light-locker package in Ubuntu:
New
Status in lightdm package in Ubuntu:
Invalid
Bug description:
light-locker is completely insecure for X configurations with multiple
screens that are not using a single display.
My setup - 4 monitors, nvidia, each with separate screen.
If I lock screen and then control-alt-f7 back to X, only one single
screen is protected. After several seconds, it forces a switch to the
lock display, but in the mean time, the other three screens are
COMPLETELY UNPROTECTED.
It only takes a few seconds to launch a terminal and killall light-
locker and I have unrestricted access to all.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/light-locker/+bug/1515662/+subscriptions