← Back to team overview

dx-packages team mailing list archive

  1. dx-packages team
  2. Mailing list archive
  3. Message #14703

[Bug 1313885] Re: lock screen bypass

  Thread PreviousDate PreviousThread Next 
I can still bypass the logscreen by rightclicking the indicators.

In order to reproduce:

Open a Terminal
Press CTRL+ALT+L to lock the screen
right click the indicators some times
type and you will enter into the terminal not the password field

The easiest way to reproduce this is to play some music with mplayer in
the terminal. If you can stop the music, skip a song etc. with your keys
press CTRL+c to quit mplayer. Now you can type whatever you want and it
will be executed.

This probably affects other Programs. I can even switch the terminal
with the default shortcuts. I guess i could also start one with
CTRL+ALT+T but i need to confirm that.

I just installed the fix above. Have not rebooted though. So that might
fix it.

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1313885

Title:
  lock screen bypass

Status in Unity:
  In Progress
Status in “unity” package in Ubuntu:
  In Progress
Status in “unity” source package in Trusty:
  Fix Released
Status in “unity” source package in Utopic:
  In Progress

Bug description:
  I found a bug allowing a user to bypass the new lock screen of Ubuntu
  14.04

  1 - When the screen is locked just right click multiple times on the indicator bar (for example on the battery indicator), then shortcuts are available. 
  2 - Press ALT+F2 
  3 - you can execute the command you whant on behalf of the logged user. 

  Here is a video demonstrating this bug :
  http://www.youtube.com/watch?v=d4UUB0sI5Fc

  
  lsb_release -rd
  Description:	Ubuntu 14.04 LTS
  Release:	14.04

  Ubuntu version updated the 04/28/2014

  apt-cache policy unity
  unity:
    Installed: 7.2.0+14.04.20140416-0ubuntu1
    Candidate: 7.2.0+14.04.20140416-0ubuntu1
    Version table:
   *** 7.2.0+14.04.20140416-0ubuntu1 0
          500 http://fr.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
          100 /var/lib/dpkg/status

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1313885/+subscriptions

References

  Thread PreviousDate PreviousThread Next