desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #93951
[Bug 1410195] Re: Able to bypass screen lock.
This issue is caused by Polkit not correctly working when box is
installed as an LDAP client.
** Changed in: xubuntu-meta (Ubuntu)
Status: Incomplete => Invalid
** Also affects: openldap (Ubuntu)
Importance: Undecided
Status: New
** Also affects: policykit-1 (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1410195
Title:
Able to bypass screen lock.
Status in light-locker package in Ubuntu:
Confirmed
Status in openldap package in Ubuntu:
New
Status in policykit-1 package in Ubuntu:
New
Status in xubuntu-meta package in Ubuntu:
Invalid
Bug description:
Because of light locker being added to Xubuntu, it's now possible to
bypass the screen lock.
light-locker creates a lockscreen on VT8 - however, we can switch back
to the original VT using keyboard commands, meaning that we have full
access to the user's desktop.
Steps:
Install Xubuntu
Create user with password
Login as that user
Lock screen (xflock4 or ctrl+alt+delete)
Hit Ctrl+alt+f7
Use the system without using a password to unlock.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: light-locker 1.4.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
Uname: Linux 3.13.0-43-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: XFCE
Date: Tue Jan 13 10:34:10 2015
InstallationDate: Installed on 2015-01-06 (6 days ago)
InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2)
ProcEnviron:
LANGUAGE=en_GB:en
PATH=(custom, no user)
LANG=en_GB.UTF-8
SHELL=/bin/zsh
SourcePackage: light-locker
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/light-locker/+bug/1410195/+subscriptions