dx-packages team mailing list archive

Thread
Date

[Bug 1345505] Re: lock screen leaks keystrokes to window "behind" greeter

To: dx-packages@xxxxxxxxxxxxxxxxxxx
From: Margarita Manterola <marga@xxxxxxxxxx>
Date: Wed, 30 Jul 2014 14:15:40 -0000
Reply-to: Bug 1345505 <1345505@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I'm affected as well, and I've been only able to reproduce with Chrome
35 or later. I tried several other applications and was not able to
reproduce. Including Firefox, gnome-terminal and Chrome 34.

Also, it only happens on Unity, other desktop environments are not
affected.

I tried 3 different versions of compiz (the latest one, the one before
that and the original from trusty) and I could reproduce with all of
them, although the behavior is not exactly the same.

The reproduction case that I found most successful is locking the screen with Ctrl-Alt-L while having some text selected on the Chrome window, for example the location bar.  So:
1) Open Chrome 35 or later (current stable is 36)
2) Ctrl-L to select the location bar
3) Ctrl-Alt-L to lock the screen

After that, any characters I type while the lockscreen is dimming are
sent through to Chrome.

** Summary changed:

- lock screen leaks keystrokes to window "behind" greeter
+ Password typed to unlock the screen is sent to the Chrome window that was in focus

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1345505

Title:
  Password typed to unlock the screen is sent to the Chrome window that
  was in focus

Status in Unity:
  New
Status in “unity” package in Ubuntu:
  Confirmed

Bug description:
  When my machine comes out of suspend, I am shown the unity lockscreen.
  However, occasionally I am unable to enter my password since the
  password box is not given focus. Clicking with the mouse in the
  password box also doesn't help.

  I've found that clicking the settings cog (top right) twice allows me
  to regain control of the focus and enter my password.

  Aside from the inability to enter my password in the password box, it
  seems that simply typing my password (or in fact any text) results in
  those keystrokes being passed to the full-screen window *behind* the
  greeter. This should not be possible and is a security issue: imagine
  if my full-screen console was connected to a remote shared session, or
  was running an irc client, etc.).

  ProblemType: BugDistroRelease: Ubuntu 14.10
  Package: lightdm 1.11.4-0ubuntu1
  ProcVersionSignature: Ubuntu 3.16.0-4.9-generic 3.16.0-rc5
  Uname: Linux 3.16.0-4-generic x86_64
  ApportVersion: 2.14.4-0ubuntu2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Sun Jul 20 09:08:47 2014
  InstallationDate: Installed on 2014-04-11 (99 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140409)SourcePackage: lightdm
  UpgradeStatus: Upgraded to utopic on 2014-05-08 (72 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1345505/+subscriptions