dx-packages team mailing list archive
-
dx-packages team
-
Mailing list archive
-
Message #17954
[Bug 1345505] [NEW] lightdm leaks keystrokes to window "behind" greeter
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
When my machine comes out of suspend, I am shown the lightdm greeter.
However, occasionally I am unable to enter my password since the
password box is not given focus. Clicking with the mouse in the password
box also doesn't help.
I've found that clicking the settings cog (top right) twice allows me to
regain control of the focus and enter my password.
Aside from the inability to enter my password in the password box, it
seems that simply typing my password (or in fact any text) results in
those keystrokes being passed to the full-screen window *behind* the
greeter. This should not be possible and is a security issue: imagine if
my full-screen console was connected to a remote shared session, or was
running an irc client, etc.).
ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: lightdm 1.11.4-0ubuntu1
ProcVersionSignature: Ubuntu 3.16.0-4.9-generic 3.16.0-rc5
Uname: Linux 3.16.0-4-generic x86_64
ApportVersion: 2.14.4-0ubuntu2
Architecture: amd64
CurrentDesktop: Unity
Date: Sun Jul 20 09:08:47 2014
InstallationDate: Installed on 2014-04-11 (99 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140409)
SourcePackage: lightdm
UpgradeStatus: Upgraded to utopic on 2014-05-08 (72 days ago)
** Affects: unity (Ubuntu)
Importance: High
Status: New
** Tags: amd64 apport-bug third-party-packages utopic
--
lightdm leaks keystrokes to window "behind" greeter
https://bugs.launchpad.net/bugs/1345505
You received this bug notification because you are a member of DX Packages, which is subscribed to unity in Ubuntu.