touch-packages team mailing list archive

[Bug 1306769] Re: pinlock snap decision potentially allows malicious app to gain access to user PIN and Passcode

 

Extracting the whole snap-decision functionality into a separate dialog
service, which would be easier to isolate, feels like too large an effort
for rtm, considering the other fires we still have to put out.

Admittedly I've not done a thorough analysis of the expected effort yet.
But it will require major changes in lp:unity-notifications, lp:unity8,
all the numerous snap-decision-using apps, the new dialog-service itself
and of course new Design guidelines for how such a service would fit in
the current notification-concept.

Before such an effort is started, the exact functional
requirements need to be ironed out, so we avoid having to fix things up
as we implement it... like it happened with snap-decision notifications,
which got loaded with more and more typical dialog-like features as we
went along.

All of the above will additionally require new qml/AP-tests and of
course user- and integration-testing.

That's all I can say in a short comment.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1306769

Title:
  pinlock snap decision potentially allows malicious app to gain access
  to user PIN and Passcode

Status in Server and client library for desktop notifications in Unity:
  Incomplete
Status in “unity8” package in Ubuntu:
  Incomplete

Bug description:
  Currently the pinlock dialog is implemented as a snapdecision and thus
  any application that is allowed to use the notifications can
  potentially trick the user into providing his PIN code or Passcode to the
  application by invoking the pinlock dialog.

  As we want to allow applications to send normal notifications and
  snapdecisions we can't just block the whole notify service from them,
  but also we don't have any means to block just one of them.

  Thus the only solution is to remove the pinlock from snap decisions
  completely and implement a standalone dbus service for the pinlock dialog
  which can be properly confined.

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity-notifications/+bug/1306769/+subscriptions