← Back to team overview

dx-packages team mailing list archive

[Bug 1460626] Re: Unity Lockscreen still shows unlocked desktop while shutting down

 

Installed all 3 patched 𝐔𝐧𝐢𝐭𝐲 𝟕 version 7.2.6+14.04.20151021-0ubuntu1
packages:

unity
unity-services
libunity-core-6.0-9

and indicator-session version 12.10.5+14.04.20151021.1-0ubuntu1 on
𝐔𝐛𝐮𝐧𝐭𝐮 𝟏𝟒.𝟎𝟒𝐋𝐓𝐒 "Trusty" from the 𝒑𝒓𝒐𝒑𝒐𝒔𝒆𝒅 repo. Tested the new unity
and indicator-session and verified they don't show Shutdown option in
both shutdown dialog and indicator while in Lockscreen.

** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to indicator-session in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1460626

Title:
  Unity Lockscreen still shows unlocked desktop while shutting down

Status in Unity:
  Fix Released
Status in Unity 7.2 series:
  In Progress
Status in indicator-session package in Ubuntu:
  Fix Released
Status in unity package in Ubuntu:
  Fix Released
Status in indicator-session source package in Trusty:
  Fix Committed
Status in unity source package in Trusty:
  Fix Committed

Bug description:
  This was reported and supposedly fixed in
  https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1370017, but the
  bug is still present in the current Unity version in Trusty.  I've
  reported it in that bug already, but got ignored, so I'm opening a new
  bug about it.

  [Impact and Test Case]

  Steps to reproduce:
  1 - Log into Unity
  2 - Open a terminal.
  3 - Lock the screen
  4 - From the lockscreen, tell the computer to shut down / restart

  Expected behavior:
  * Session programs are closed while the screen is still locked
  * During shutdown, no user interaction is possible

  Observed behavior:
  * The lockscreen is gone immediately, with the rest of compiz (e.g. window decorations are not present)
  * But it's possible to interact with programs that are still running in the session for about 3 seconds

  Observed on an updated Trusty machine, running unity version
  7.2.5+14.04.20150521.1-0ubuntu1

  This bug is a security vulnerability because during those 3 seconds it
  could be possible to access and interact with sensitive information.
  Yes, it's short, but you could take a picture or even rm -rf / if
  there happened to be a root console available.

  =====

  [Impact]
  A lockscreen should hide the screen content no matter what. A the moment there is no easy way to provide a good shutdown experience if the screen is locked so it's better to disable it. Please note that you can still shut down the system if the screen is locked just switching to unity-greeter using "Swtich Account..." (it's safe in this case)

  Needs to be backported to 14.04 LTS because can affect security.

  [Test Case]
  1 - Lock the screen
  2 - Push the hw shutdown button.
  3 - Make sure that there is no shutdown option in the end of session dialog.

  1 - Lock the screen
  2 - Open the session indicator
  3 - Make sure there is no shutdown option in the drop down menu

  [Regression Potential]
  None.

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1460626/+subscriptions


References