desktop-packages team mailing list archive

Thread
Date

[Bug 1410195] Re: Able to bypass screen lock.

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Martin Meredith <martin+ubuntu@xxxxxxxxxxxxxx>
Date: Tue, 13 Jan 2015 11:55:32 -0000
Reply-to: Bug 1410195 <1410195@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This issue is caused by Polkit not correctly working when box is
installed as an LDAP client.

** Changed in: xubuntu-meta (Ubuntu)
       Status: Incomplete => Invalid

** Also affects: openldap (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: policykit-1 (Ubuntu)
   Importance: Undecided
       Status: New

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1410195

Title:
  Able to bypass screen lock.

Status in light-locker package in Ubuntu:
  Confirmed
Status in openldap package in Ubuntu:
  New
Status in policykit-1 package in Ubuntu:
  New
Status in xubuntu-meta package in Ubuntu:
  Invalid

Bug description:
  Because of light locker being added to Xubuntu, it's now possible to
  bypass the screen lock.

  light-locker creates a lockscreen on VT8 - however, we can switch back
  to the original VT using keyboard commands, meaning that we have full
  access to the user's desktop.

  
  Steps:

  Install Xubuntu
  Create user with password
  Login as that user
  Lock screen (xflock4 or ctrl+alt+delete)
  Hit Ctrl+alt+f7
  Use the system without using a password to unlock.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: light-locker 1.4.0-0ubuntu1
  ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
  Uname: Linux 3.13.0-43-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.6
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Tue Jan 13 10:34:10 2015
  InstallationDate: Installed on 2015-01-06 (6 days ago)
  InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2)
  ProcEnviron:
   LANGUAGE=en_GB:en
   PATH=(custom, no user)
   LANG=en_GB.UTF-8
   SHELL=/bin/zsh
  SourcePackage: light-locker
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/light-locker/+bug/1410195/+subscriptions