← Back to team overview

desktop-packages team mailing list archive

[Bug 1515662] Re: Major security issue with light-locker - console switching gives access to other screens for a few seconds

 

I've subscribed the light-locker devs team so that they're aware.

Note that bug 1473904 and bug 1440499 are similar light-locker bypass
issues.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1515662

Title:
  Major security issue with light-locker - console switching gives
  access to other screens for a few seconds

Status in light-locker package in Ubuntu:
  New
Status in lightdm package in Ubuntu:
  Invalid

Bug description:
  light-locker is completely insecure for X configurations with multiple
  screens that are not using a single display.

  My setup - 4 monitors, nvidia, each with separate screen.

  If I lock screen and then control-alt-f7 back to X, only one single
  screen is protected. After several seconds, it forces a switch to the
  lock display, but in the mean time, the other three screens are
  COMPLETELY UNPROTECTED.

  It only takes a few seconds to launch a terminal and killall light-
  locker and I have unrestricted access to all.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/light-locker/+bug/1515662/+subscriptions