desktop-packages team mailing list archive

[Bug 1410195] Re: Able to bypass screen lock.

 

** Description changed:

- Because of light locker being added to Xubuntu, it's now possible to
- bypass the screen lock.
+ HOW TO REPRODUCE:
+ 1. Create an user account with password.
+ 2. Login in the new account using the XFCE desktop environment.
+ 3. Lock the screen.
+ 4. Hit the Ctrl+Alt+F7 key combination.
  
- light-locker creates a lockscreen on VT8 - however, we can switch back
- to the original VT using keyboard commands, meaning that we have full
- access to the user's desktop.
+ EXPECTED BEHAVIOUR:
+ - The user session to be unavailable due to no password being entered.
  
- 
- Steps:
- 
- Install Xubuntu
- Create user with password
- Login as that user
- Lock screen (xflock4 or ctrl+alt+delete)
- Hit Ctrl+alt+f7
- Use the system without using a password to unlock.
+ REAL BEHAVIOUR:
+ - The session is accessible without entering its password, due to the VT8 being bypassed to the original VT using the Ctrl+Alt+F7 key combination.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: light-locker 1.4.0-0ubuntu1
  ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
  Uname: Linux 3.13.0-43-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.6
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Tue Jan 13 10:34:10 2015
  InstallationDate: Installed on 2015-01-06 (6 days ago)
  InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2)
  ProcEnviron:
-  LANGUAGE=en_GB:en
-  PATH=(custom, no user)
-  LANG=en_GB.UTF-8
-  SHELL=/bin/zsh
+  LANGUAGE=en_GB:en
+  PATH=(custom, no user)
+  LANG=en_GB.UTF-8
+  SHELL=/bin/zsh
  SourcePackage: light-locker
  UpgradeStatus: No upgrade log present (probably fresh install)

** Summary changed:

- Able to bypass screen lock.
+ Ctrl+Alt+F7 bypasses the lock-screen under XFCE

** Also affects: hundredpapercuts
   Importance: Undecided
       Status: New

** Changed in: hundredpapercuts
       Status: New => Confirmed

** Changed in: hundredpapercuts
   Importance: Undecided => Critical

** Summary changed:

- Ctrl+Alt+F7 bypasses the lock-screen under XFCE
+ Ctrl+Alt+F7 bypasses the light-locker lock-screen under XFCE

** Summary changed:

- Ctrl+Alt+F7 bypasses the light-locker lock-screen under XFCE
+ Ctrl+Alt+F7 bypasses light-locker lock-screen under XFCE

** Summary changed:

- Ctrl+Alt+F7 bypasses light-locker lock-screen under XFCE
+ Ctrl+Alt+F7 bypasses the light-locker lock-screen under XFCE

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1410195

Title:
  Ctrl+Alt+F7 bypasses the light-locker lock-screen under XFCE

Status in One Hundred Papercuts:
  Confirmed
Status in light-locker package in Ubuntu:
  Confirmed
Status in openldap package in Ubuntu:
  Confirmed
Status in policykit-1 package in Ubuntu:
  Confirmed
Status in xubuntu-meta package in Ubuntu:
  Invalid

Bug description:
  HOW TO REPRODUCE:
  1. Create a user account with password.
  2. Log in to the new account using the XFCE desktop environment.
  3. Lock the screen.
  4. Hit the Ctrl+Alt+F7 key combination.

  EXPECTED BEHAVIOUR:
  - The user session to be unavailable due to no password being entered.

  REAL BEHAVIOUR:
  - The session is accessible without entering its password, due to the VT8 being bypassed to the original VT using the Ctrl+Alt+F7 key combination.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: light-locker 1.4.0-0ubuntu1
  ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
  Uname: Linux 3.13.0-43-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.6
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Tue Jan 13 10:34:10 2015
  InstallationDate: Installed on 2015-01-06 (6 days ago)
  InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2)
  ProcEnviron:
   LANGUAGE=en_GB:en
   PATH=(custom, no user)
   LANG=en_GB.UTF-8
   SHELL=/bin/zsh
  SourcePackage: light-locker
  UpgradeStatus: No upgrade log present (probably fresh install)