← Back to team overview

dx-packages team mailing list archive

[Bug 1460626] [NEW] Unity Lockscreen still shows unlocked desktop while shutting down

 

Public bug reported:

This was reported and supposedly fixed in
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1370017, but the
bug is still present in the current Unity version in Trusty.  I've
reported it in that bug already, but got ignored, so I'm opening a new
bug about it.

[Impact and Test Case]

Steps to reproduce:
1 - Log into Unity
2 - Open a terminal.
3 - Lock the screen
4 - From the lockscreen, tell the computer to shut down / restart

Expected behavior:
* Session programs are closed while the screen is still locked
* During shutdown, no user interaction is possible

Observed behavior:
* The lockscreen is gone immediately, with the rest of compiz (e.g. window decorations are not present)
* But it's possible to interact with programs that are still running in the session for about 3 seconds

Observed on an updated Trusty machine, running unity version
7.2.5+14.04.20150521.1-0ubuntu1

This bug is a security vulnerability because during those 3 seconds it
could be possible to access and interact with sensitive information.
Yes, it's short, but you could take a picture or even rm -rf / if there
happened to be a root console available.

** Affects: unity (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: lockscreen

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1460626

Title:
  Unity Lockscreen still shows unlocked desktop while shutting down

Status in unity package in Ubuntu:
  New

Bug description:
  This was reported and supposedly fixed in
  https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1370017, but the
  bug is still present in the current Unity version in Trusty.  I've
  reported it in that bug already, but got ignored, so I'm opening a new
  bug about it.

  [Impact and Test Case]

  Steps to reproduce:
  1 - Log into Unity
  2 - Open a terminal.
  3 - Lock the screen
  4 - From the lockscreen, tell the computer to shut down / restart

  Expected behavior:
  * Session programs are closed while the screen is still locked
  * During shutdown, no user interaction is possible

  Observed behavior:
  * The lockscreen is gone immediately, with the rest of compiz (e.g. window decorations are not present)
  * But it's possible to interact with programs that are still running in the session for about 3 seconds

  Observed on an updated Trusty machine, running unity version
  7.2.5+14.04.20150521.1-0ubuntu1

  This bug is a security vulnerability because during those 3 seconds it
  could be possible to access and interact with sensitive information.
  Yes, it's short, but you could take a picture or even rm -rf / if
  there happened to be a root console available.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1460626/+subscriptions


Follow ups

References