← Back to team overview

dx-packages team mailing list archive

[Bug 1342903] [NEW] unity retains focus on virtualbox session when locked

 

Public bug reported:

While using virtualbox in fullscreen mode, CTRL + ALT + L, leaves focus
with the virtual machine. However this still locks the host's unity
session. This leaves all key events trapped in the virtual machine, so
typing in your password becomes impossible. After a reboot all
functionality returned.

This could be a potential security hazard, depending on the virtual
machine being used, as it allows arbitrary commands to be executed
through a locked unity session without any authentication.


lsb_release -rd
    Description:	Ubuntu 14.04 LTS
    Release:	14.04

apt-cache policy unity
unity:
  Installed: 7.2.1+14.04.20140513-0ubuntu2
  Candidate: 7.2.1+14.04.20140513-0ubuntu2
  Version table:
 *** 7.2.1+14.04.20140513-0ubuntu2 0
        500 http://ca.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        100 /var/lib/dpkg/status

** Affects: unity (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: lockscreen trusty unity virtualbox

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1342903

Title:
  unity retains focus on virtualbox session when locked

Status in “unity” package in Ubuntu:
  New

Bug description:
  While using virtualbox in fullscreen mode, CTRL + ALT + L, leaves
  focus with the virtual machine. However this still locks the host's
  unity session. This leaves all key events trapped in the virtual
  machine, so typing in your password becomes impossible. After a reboot
  all functionality returned.

  This could be a potential security hazard, depending on the virtual
  machine being used, as it allows arbitrary commands to be executed
  through a locked unity session without any authentication.

  
  lsb_release -rd
      Description:	Ubuntu 14.04 LTS
      Release:	14.04

  apt-cache policy unity
  unity:
    Installed: 7.2.1+14.04.20140513-0ubuntu2
    Candidate: 7.2.1+14.04.20140513-0ubuntu2
    Version table:
   *** 7.2.1+14.04.20140513-0ubuntu2 0
          500 http://ca.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
          100 /var/lib/dpkg/status

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1342903/+subscriptions


Follow ups

References