desktop-packages team mailing list archive

[Launchpad Bug Tracker <1413790@xxxxxxxxxxxxxxxxxx>]

This bug was fixed in the package unity - 7.3.1+15.04.20150126-0ubuntu1

---------------
unity (7.3.1+15.04.20150126-0ubuntu1) vivid; urgency=low

  [ Andrea Azzarone ]
  * Force icon size (new gtk requires it). (LP: #1404730)
  * Disable markup accel for VolumeLauncherIcon quicklist menu items.
    (LP: #1413411)
  * Make sure dragged icons are not rendered behind the dash. (LP:
    #1413773)
  * Make unity unlockable if user is in nopsswdlogin group. On super+l
    the screensaver is activated. (LP: #1413790)
 -- Ubuntu daily release <ps-jenkins@xxxxxxxxxxxxxxxxxxx>   Mon, 26 Jan 2015 22:42:26 +0000

** Changed in: unity (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dp-unity
https://bugs.launchpad.net/bugs/1413790

Title:
  It's possible to bypasss lockscreen if user is in nopasswdlogin group.

Status in Unity:
  In Progress
Status in unity package in Ubuntu:
  Fix Released

Bug description:
  Lightdm should not emit logind "unlock" signal when the user is not
  prompted for a password. This can lead to a security issue:

  # Log-in (unity session).
  # Add the current user to nopasswdlogin group.
  # Lock the sessions.
  # Session indicator->Switch account...
  # "Login" in again.

  Expected behavior:
  The lockscreen is still active.

  Current behavior:
  The session in unlocked.

  We could workaround the issue directly in unity, but IMHO would be
  cleaner to avoid that lightdm is emitting the logind signal.

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1413790/+subscriptions