touch-packages team mailing list archive

Thread
Date

[Bug 1370017] Re: Unity Lockscreen shows unlocked desktop while shutting down

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Mateusz Stachowski <1370017@xxxxxxxxxxxxxxxxxx>
Date: Sat, 17 Jan 2015 16:06:48 -0000
Reply-to: Bug 1370017 <1370017@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I've checked it two times and both times I couldn't interact with
programs.

All the windows of programs except the Terminal dissapeard. The Terminal
console of regural user displayed info about shutting down and no
interaction was possible. The same happened when I had root console open
it showed without window decorations very briefly (much less then 3
seconds) and I couldn't interact with it.

The third try and I didn't see any programs at all.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity in Ubuntu.
https://bugs.launchpad.net/bugs/1370017

Title:
  Unity Lockscreen shows unlocked desktop while shutting down

Status in Unity:
  Fix Committed
Status in Unity 7.2 series:
  In Progress
Status in unity package in Ubuntu:
  Fix Released
Status in unity source package in Trusty:
  Fix Committed

Bug description:
  [Impact and Test Case]

  Steps to reproduce:
  1 - Lock the screen
  2 - From the lockscreen, tell the computer to shut down / restart

  Expected behavior:
  * Session programs are closed while the screen is still locked
  * During shutdown, no user interaction is possible

  Observed behavior:
  * The lockscreen is gone immediately, with the rest of compiz (e.g. window decorations are not present)
  * But it's possible to interact with programs that are still running in the session for about 3 seconds

  Observed on an updated Trusty machine, running unity version
  7.2.2+14.04.20140714-0ubuntu1.1

  I consider this bug a security vulnerability because during those 3
  seconds it could be possible to access and interact with sensitive
  information.  Yes, it's short, but you could take a picture or even rm
  -rf / if there happened to be a root console available.

  [Regression Potential]

  An improper implementation of the fix for this issue could result in
  an indefinite hang during system shutdown, or could result in the
  problem not being completely fixed and the security vulnerability
  continuing.

  Neither appear to be the case.

  [ Other Info ]

  The Ubuntu 14.04 LTS SRU has been cherry-picked from upstream Unity
  where it has been in development-level production code in Ubuntu
  'Vivid Vervet' development release for a few months and has not
  display additional problems.

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1370017/+subscriptions