dx-packages team mailing list archive

[Seth Arnold <1266464@xxxxxxxxxxxxxxxxxx>]

I've confirmed the behaviour; it does not appear to provide any ability
to further cross privilege boundaries, so I'm marking it public / not-
security. I'm also not sure if hud is the right target, I know Unity has
some special handling around the Meta and Super keys.

Thanks

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to hud in Ubuntu.
https://bugs.launchpad.net/bugs/1266464

Title:
  HUD "Super" and "Alt" shortcuts works through locked screen

Status in “hud” package in Ubuntu:
  Confirmed

Bug description:
  To reproduce:
  1. Lock screen (e.g. using Ctrl+Alt+L or corresponding option in menu).
  2. Press Super (or Alt) key.
  3. Enter password to unlock desktop.

  Expected behaviour: nothing on desktop should be changed.
  Observed behaviour: HUD menu pupped up, as if Alt or Super were pressed on desktop.

  I mark this bug report as security issue, because not sure is Super
  and Alt keys are only shortcuts that being passed to desktop, if other
  keys can be passed to desktop in any way it would be possible to run
  some command through HUD.

  ProblemType: Bug
  DistroRelease: Ubuntu 13.10
  Package: hud 13.10.1+13.10.20131031-0ubuntu1
  ProcVersionSignature: Ubuntu 3.11.0-15.23-generic 3.11.10
  Uname: Linux 3.11.0-15-generic x86_64
  ApportVersion: 2.12.5-0ubuntu2.2
  Architecture: amd64
  CheckboxSubmission: 3d16077c4fdd6a017d47f6e3dc4f3c54
  CheckboxSystem: b633b4f40868d491c2ae5b50030ce6f3
  Date: Mon Jan  6 17:18:05 2014
  InstallationDate: Installed on 2014-01-01 (4 days ago)
  InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release amd64 (20131016.1)
  MarkForUpload: True
  SourcePackage: hud
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/hud/+bug/1266464/+subscriptions