← Back to team overview

dx-packages team mailing list archive

[Bug 1438870] Re: Lock screen doesn't emit ActiveChanged signal

 

This is CVE-2015-1319

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1319

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1438870

Title:
  Lock screen doesn't emit ActiveChanged signal

Status in Unity:
  New
Status in unity package in Ubuntu:
  New
Status in unity source package in Trusty:
  New
Status in unity source package in Utopic:
  New
Status in unity source package in Vivid:
  New

Bug description:
  tl;dr; Unity doesn't emit the ActiveChanged signal when the screen is
  locked/unlocked

  Long version:

  unity-settings-daemon's automount plugin has code to detect whether
  the screen is locked or not before automatically mounting a volume.
  This prevents someone from inserting a USB thumb drive when the screen
  is locked and exploiting a possible nautilus thumbnailer
  vulnerability. (See bug #714958 for original implementation details.)

  In Ubuntu 14.04, this code no longer works. Inserting a USB thumb
  drive while the screen is locked results in a Nautilus window opening
  underneath the lock screen, and the contents of the USB thumb drive
  being read.

  Since the screen lock got switched to Unity in Ubuntu 14.04, Unity no
  longer emits the org.gnome.ScreenSaver ActiveChanged signal when the
  screen gets locked or unlocked.

  To test:

  1- in terminal, type:
  dbus-monitor "type='signal',sender='org.gnome.ScreenSaver',interface='org.gnome.ScreenSaver'"
  2- Lock the screen
  3- Unlock the screen
  4- Notice that no signal was received

  ProblemType: Bug
  DistroRelease: Ubuntu 15.04
  Package: unity 7.3.2+15.04.20150330-0ubuntu1
  ProcVersionSignature: Ubuntu 3.19.0-10.10-generic 3.19.2
  Uname: Linux 3.19.0-10-generic x86_64
  ApportVersion: 2.17-0ubuntu1
  Architecture: amd64
  CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
  CurrentDesktop: Unity
  Date: Tue Mar 31 15:15:48 2015
  InstallationDate: Installed on 2013-11-26 (489 days ago)
  InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release amd64 (20131016.1)
  SourcePackage: unity
  UpgradeStatus: Upgraded to vivid on 2015-03-07 (24 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1438870/+subscriptions


References