dx-packages team mailing list archive

[Bug 1308572] Re: Ubuntu 14.04: security problem in the lock screen

So both the linked branches built in silo 8, and when I tested it, this
is what I found:

1. start unity

2. open terminal (Ctrl+alt+T)

3. type 'sleep 15 && killall -9 compiz'

4. lock screen

observe: screen locks, then unity crashes, then unity restarts locked.
So far so good.

5. issue the same command in the terminal again

6. lock the screen again

observe: screen locks, then unity crashes... and doesn't come back.

I'm told this is not a regression (e.g. it's known that unity does not
restart after the first crash); however, this is significant because when
unity does not restart, that terminal just stays open right there, and
while it doesn't respond to keyboard input, it does respond to mouse
input, so it's possible to issue commands as the logged-in user by copy
& pasting (e.g. select some text, right click -> copy, right click ->
paste).

So if I'm an attacker and I'm in a position to trigger a crash in
compiz, the whole "restarting locked" thing seems kind of weak, because
all I have to do is crash compiz... twice. Granted, the unity-free UI is
quite limited; maybe there's a browser open and I can access the user's
email, or whatever. It's still an attack vector.

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1308572

Title:
  Ubuntu 14.04: security problem in the lock screen

Status in Unity:
  In Progress
Status in “unity” package in Ubuntu:
  In Progress

Bug description:
  affects ubuntu

  Hello,
  I am running Ubuntu 14.04 with all the packages updated.
  When the screen is locked with password, if I hold ENTER after some
  seconds the screen freezes and the lock screen crashes. After that I
  have the computer fully unlocked.

  --
  Marco Agnese

  This bug is about the lockscreen being bypassed when unity
  crashes/restarts, which is a critical security issue. The crash will be
  handled in bug 1308750.

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1308572/+subscriptions