touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #102998
[Bug 1438870] Re: Lock screen doesn't emit ActiveChanged signal
This bug was fixed in the package unity-settings-daemon -
14.04.0+14.04.20150825-0ubuntu2
---------------
unity-settings-daemon (14.04.0+14.04.20150825-0ubuntu2) trusty-security; urgency=medium
* SECURITY UPDATE: Drives automount while screen is locked
(LP: #1438870)
- plugins/automount/gsd-automount-manager.c: also monitor Unity screen
lock.
- CVE-2015-1319
-- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx> Fri, 11 Sep 2015
13:44:35 -0400
** Changed in: unity-settings-daemon (Ubuntu Trusty)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity in Ubuntu.
https://bugs.launchpad.net/bugs/1438870
Title:
Lock screen doesn't emit ActiveChanged signal
Status in Unity:
Won't Fix
Status in unity package in Ubuntu:
Fix Released
Status in unity-settings-daemon package in Ubuntu:
Fix Released
Status in unity source package in Trusty:
Fix Released
Status in unity-settings-daemon source package in Trusty:
Fix Released
Bug description:
tl;dr; Unity doesn't emit the ActiveChanged signal when the screen is
locked/unlocked
Long version:
unity-settings-daemon's automount plugin has code to detect whether
the screen is locked or not before automatically mounting a volume.
This prevents someone from inserting a USB thumb drive when the screen
is locked and exploiting a possible nautilus thumbnailer
vulnerability. (See bug #714958 for original implementation details.)
In Ubuntu 14.04, this code no longer works. Inserting a USB thumb
drive while the screen is locked results in a Nautilus window opening
underneath the lock screen, and the contents of the USB thumb drive
being read.
Since the screen lock got switched to Unity in Ubuntu 14.04, Unity no
longer emits the org.gnome.ScreenSaver ActiveChanged signal when the
screen gets locked or unlocked.
To test:
1- in terminal, type:
dbus-monitor "type='signal',sender='org.gnome.ScreenSaver',interface='org.gnome.ScreenSaver'"
2- Lock the screen
3- Unlock the screen
4- Notice that no signal was received
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: unity 7.3.2+15.04.20150330-0ubuntu1
ProcVersionSignature: Ubuntu 3.19.0-10.10-generic 3.19.2
Uname: Linux 3.19.0-10-generic x86_64
ApportVersion: 2.17-0ubuntu1
Architecture: amd64
CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
CurrentDesktop: Unity
Date: Tue Mar 31 15:15:48 2015
InstallationDate: Installed on 2013-11-26 (489 days ago)
InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release amd64 (20131016.1)
SourcePackage: unity
UpgradeStatus: Upgraded to vivid on 2015-03-07 (24 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1438870/+subscriptions
References