← Back to team overview

dx-packages team mailing list archive

  1. dx-packages team
  2. Mailing list archive
  3. Message #37225

[Bug 1460626] Re: Unity Lockscreen still shows unlocked desktop while shutting down

  Thread PreviousDate PreviousThread Next 
This bug was fixed in the package unity - 7.2.6+14.04.20151021-0ubuntu1

---------------
unity (7.2.6+14.04.20151021-0ubuntu1) trusty; urgency=medium

  * New upstream release

  [ Andrea Azzarone ]
  * Merge patch from https://launchpadlibrarian.net/216276242/low-gfx-
    override.patch (LP: #1491913)
  * Properly hide decorations when on "Show Desktop" mode. (LP: #1485073)
  * Do not handle events coming from viewports not actually containing the window.
    (LP: #1449654)
  * Make sure new icons are added to the model before calling SortAndUpdate
    (LP: #1458950)
  * GnomeSessionManager: Do not allow shutdown when screen is locked. (LP: #1460626)
  * GnomeSessionManager: Do not allow shutdown when screen is locked.

  [ Chris Townsend ]
  * When looking for the top-most valid window in a VP, also check if the window
    is focused if the window is set to Always on Top. This allows Launcher icon
    spread to work properly when a window is minimized an Always on Top exists in
    the group. (LP: #1131385)
  * Wait on Spread to be terminated before showing the Quicklist. (LP: #1441626)
  * If dragging an application:// uri type from the Dash to the desktop, change it
    to a file:// uri type so Nautilus can understand the type a make a copy of it
    on the desktop. (LP: #1241972)
  * Enable real page up/page down key navigation in the Dash. When using these
    keys the view scrolls the length of the visible view. (LP: #913612)
  * Save the active window when showing the Hud so the correct window is focused
    when hiding the Hud. Fixes issue when "Always on Top" windows are present.
    (LP: #1366583)
  * Save the active window when showing the Dash so the correct window is focused
    when hiding the Dash. Fixes issue when "Always on Top" windows are present.
    (LP: #1446634)
  * When using keyboard navigation in the Dash, skip category headers that are not
    expandable. Also, do not highlight the category header when the mouse cursor
    is over it. (LP: #1045933)
  * Also use the Compiz show() method when forcing an unmapped window to be
    visible when clicking on it's active Launcher icon. (LP: #989588)
  * Add option to enable and disable Unity low graphics mode on the fly in ccsm or
    via gsettings. (LP: #1412937)
  * UScreen, PanelService: get monitor at position, ignoring pre-
    multipled Gdk scale factor (LP: #1351591)

  [ Marco Trevisan (Treviño) ]
  * ResultViewGrid: wait for double-click event only if the relative result needs
    the Preview (LP: #1291950)
  * OverlayWindowButtons: trigger a queuedraw also when a child requires a redraw
    (LP: #1461618)
  * GnomeSessionManager: Request ScreenSaver (de)activation on VT changes (LP:
    #1405349)
  * UScreen, PanelService: get monitor at position, ignoring pre-multipled Gdk
    scale factor (LP: #1351591)
  * UScreen, PanelService: get monitor at position, ignoring pre-
    multipled Gdk scale factor (LP: #1351591)

 -- Marco Trevisan (Treviño) <mail@xxxxxxxxx>  Wed, 21 Oct 2015 15:54:44
+0000

** Changed in: unity (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to indicator-session in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1460626

Title:
  Unity Lockscreen still shows unlocked desktop while shutting down

Status in Unity:
  Fix Released
Status in Unity 7.2 series:
  In Progress
Status in indicator-session package in Ubuntu:
  Fix Released
Status in unity package in Ubuntu:
  Fix Released
Status in indicator-session source package in Trusty:
  Fix Released
Status in unity source package in Trusty:
  Fix Released

Bug description:
  This was reported and supposedly fixed in
  https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1370017, but the
  bug is still present in the current Unity version in Trusty.  I've
  reported it in that bug already, but got ignored, so I'm opening a new
  bug about it.

  [Impact and Test Case]

  Steps to reproduce:
  1 - Log into Unity
  2 - Open a terminal.
  3 - Lock the screen
  4 - From the lockscreen, tell the computer to shut down / restart

  Expected behavior:
  * Session programs are closed while the screen is still locked
  * During shutdown, no user interaction is possible

  Observed behavior:
  * The lockscreen is gone immediately, with the rest of compiz (e.g. window decorations are not present)
  * But it's possible to interact with programs that are still running in the session for about 3 seconds

  Observed on an updated Trusty machine, running unity version
  7.2.5+14.04.20150521.1-0ubuntu1

  This bug is a security vulnerability because during those 3 seconds it
  could be possible to access and interact with sensitive information.
  Yes, it's short, but you could take a picture or even rm -rf / if
  there happened to be a root console available.

  =====

  [Impact]
  A lockscreen should hide the screen content no matter what. A the moment there is no easy way to provide a good shutdown experience if the screen is locked so it's better to disable it. Please note that you can still shut down the system if the screen is locked just switching to unity-greeter using "Swtich Account..." (it's safe in this case)

  Needs to be backported to 14.04 LTS because can affect security.

  [Test Case]
  1 - Lock the screen
  2 - Push the hw shutdown button.
  3 - Make sure that there is no shutdown option in the end of session dialog.

  1 - Lock the screen
  2 - Open the session indicator
  3 - Make sure there is no shutdown option in the drop down menu

  [Regression Potential]
  None.

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1460626/+subscriptions

References

  Thread PreviousDate PreviousThread Next