touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #05703
[Bug 1345505] Re: lock screen leaks keystrokes to window "behind" greeter
I'm affected as well, and I've been only able to reproduce with Chrome
35 or later. I tried several other applications and was not able to
reproduce. Including Firefox, gnome-terminal and Chrome 34.
Also, it only happens on Unity, other desktop environments are not
affected.
I tried 3 different versions of compiz (the latest one, the one before
that and the original from trusty) and I could reproduce with all of
them, although the behavior is not exactly the same.
The reproduction case that I found most successful is locking the screen with Ctrl-Alt-L while having some text selected on the Chrome window, for example the location bar. So:
1) Open Chrome 35 or later (current stable is 36)
2) Ctrl-L to select the location bar
3) Ctrl-Alt-L to lock the screen
After that, any characters I type while the lockscreen is dimming are
sent through to Chrome.
** Summary changed:
- lock screen leaks keystrokes to window "behind" greeter
+ Password typed to unlock the screen is sent to the Chrome window that was in focus
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity in Ubuntu.
https://bugs.launchpad.net/bugs/1345505
Title:
Password typed to unlock the screen is sent to the Chrome window that
was in focus
Status in Unity:
New
Status in “unity” package in Ubuntu:
Confirmed
Bug description:
When my machine comes out of suspend, I am shown the unity lockscreen.
However, occasionally I am unable to enter my password since the
password box is not given focus. Clicking with the mouse in the
password box also doesn't help.
I've found that clicking the settings cog (top right) twice allows me
to regain control of the focus and enter my password.
Aside from the inability to enter my password in the password box, it
seems that simply typing my password (or in fact any text) results in
those keystrokes being passed to the full-screen window *behind* the
greeter. This should not be possible and is a security issue: imagine
if my full-screen console was connected to a remote shared session, or
was running an irc client, etc.).
ProblemType: BugDistroRelease: Ubuntu 14.10
Package: lightdm 1.11.4-0ubuntu1
ProcVersionSignature: Ubuntu 3.16.0-4.9-generic 3.16.0-rc5
Uname: Linux 3.16.0-4-generic x86_64
ApportVersion: 2.14.4-0ubuntu2
Architecture: amd64
CurrentDesktop: Unity
Date: Sun Jul 20 09:08:47 2014
InstallationDate: Installed on 2014-04-11 (99 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140409)SourcePackage: lightdm
UpgradeStatus: Upgraded to utopic on 2014-05-08 (72 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1345505/+subscriptions
References