dx-packages team mailing list archive

[Bug 1306417] [NEW] Lockscreen can be bypassed after screen has blanked

 

*** This bug is a security vulnerability ***

Public security bug reported:

Steps to reproduce:
1. Lock the screen
2. Let the lockscreen blank
3. Press ALT+TAB

What happens:
The application switcher appears and it's possible to switch between applications. The chosen application will get keyboard focus and any input will go there.

What should happen:
Nothing. Lockscreen should grab the keyboard and stop the input from going anywhere.

This has security implications. For example it's possible to open the
"Run command" view and run "unity --replace" to destroy the lockscreen
and open the session.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: unity 7.2.0+14.04.20140410.1-0ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-23.45-generic 3.13.8
Uname: Linux 3.13.0-23-generic x86_64
ApportVersion: 2.14.1-0ubuntu2
Architecture: amd64
CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
CurrentDesktop: Unity
Date: Fri Apr 11 10:06:50 2014
InstallationDate: Installed on 2014-02-23 (46 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140223)
SourcePackage: unity
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: unity
     Importance: Undecided
     Assignee: Sami Jaktholm (sjakthol)
         Status: In Progress

** Affects: unity (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug trusty

** Also affects: unity
   Importance: Undecided
       Status: New

** Information type changed from Private Security to Public Security

** Changed in: unity
       Status: New => In Progress

** Changed in: unity
     Assignee: (unassigned) => Sami Jaktholm (sjakthol)

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1306417

Title:
  Lockscreen can be bypassed after screen has blanked

Status in Unity:
  In Progress
Status in “unity” package in Ubuntu:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1306417/+subscriptions
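
A regression check for the behaviour the report expects, as an added example that is not part of the original report or of Unity's code: it asks the X server whether some client currently holds the keyboard grab. It assumes an X11 session and that the lock screen protects input with an active keyboard grab; the names `interpret` and `probe_keyboard_grab` are hypothetical.

```python
import ctypes
import ctypes.util
import time

# XGrabKeyboard return codes from <X11/X.h>
GRAB_STATUS = {0: "GrabSuccess", 1: "AlreadyGrabbed", 2: "GrabInvalidTime",
               3: "GrabNotViewable", 4: "GrabFrozen"}
GRAB_MODE_ASYNC = 1  # GrabModeAsync
CURRENT_TIME = 0     # CurrentTime

def interpret(status):
    """Turn an XGrabKeyboard status into a verdict about the lock screen."""
    name = GRAB_STATUS.get(status, "Unknown(%r)" % (status,))
    if status == 0:
        return "UNPROTECTED: no client held the keyboard grab (%s)" % name
    if status in (1, 4):
        return "PROTECTED: another client holds the keyboard (%s)" % name
    return "INCONCLUSIVE: %s" % name

def probe_keyboard_grab(display_name=None):
    """Try one keyboard grab; return its status, or None if X is unreachable."""
    try:
        x = ctypes.CDLL(ctypes.util.find_library("X11") or "libX11.so.6")
    except OSError:
        return None
    x.XOpenDisplay.restype = ctypes.c_void_p
    x.XOpenDisplay.argtypes = [ctypes.c_char_p]
    x.XDefaultRootWindow.restype = ctypes.c_ulong
    x.XDefaultRootWindow.argtypes = [ctypes.c_void_p]
    x.XGrabKeyboard.argtypes = [ctypes.c_void_p, ctypes.c_ulong, ctypes.c_int,
                                ctypes.c_int, ctypes.c_int, ctypes.c_ulong]
    x.XUngrabKeyboard.argtypes = [ctypes.c_void_p, ctypes.c_ulong]
    x.XCloseDisplay.argtypes = [ctypes.c_void_p]
    dpy = x.XOpenDisplay(display_name.encode() if display_name else None)
    if not dpy:
        return None
    status = x.XGrabKeyboard(dpy, x.XDefaultRootWindow(dpy), 0,
                             GRAB_MODE_ASYNC, GRAB_MODE_ASYNC, CURRENT_TIME)
    if status == 0:
        x.XUngrabKeyboard(dpy, CURRENT_TIME)  # release our own grab at once
    x.XCloseDisplay(dpy)
    return status

if __name__ == "__main__":
    # Start in a terminal, lock the screen, let it blank, then read the log.
    for _ in range(120):
        s = probe_keyboard_grab()
        stamp = time.strftime("%H:%M:%S")
        print(stamp, "no X display" if s is None else interpret(s))
        time.sleep(1)
```

Any `UNPROTECTED` line logged while the screen was locked or blanked means keyboard input was not being held by the lock screen at that moment.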