touch-packages team mailing list archive

Thread
Date

[Bug 1370017] Re: Unity Lockscreen shows unlocked desktop while shutting down

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Margarita Manterola <marga@xxxxxxxxxx>
Date: Mon, 23 Mar 2015 10:23:22 -0000
Reply-to: Bug 1370017 <1370017@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I'm still seeing this on an up-to-date Trusty instance.

$ apt-cache policy unity
unity:
  Installed: 7.2.4+14.04.20141217-0ubuntu1
  Candidate: 7.2.4+14.04.20141217-0ubuntu1

$ apt-cache policy compiz
compiz:
  Installed: 1:0.9.11.3+14.04.20150122-0ubuntu1
  Candidate: 1:0.9.11.3+14.04.20150122-0ubuntu1

The reproduction case is:
1) In a Unity environment, start a terminal
2) Lock the screen
3) From the lockscreen, restart the machine

Expected:
  No interaction is possible while the machine is shutting down.
Actual:
  It's possible to interact with the terminal for around 3 seconds.

The SRU instructions didn't include the "open terminal" step, it might
be that that's why this was verified even if it's not actually fixed?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity in Ubuntu.
https://bugs.launchpad.net/bugs/1370017

Title:
  Unity Lockscreen shows unlocked desktop while shutting down

Status in Unity:
  Fix Released
Status in Unity 7.2 series:
  Fix Released
Status in unity package in Ubuntu:
  Fix Released
Status in unity source package in Trusty:
  Fix Released

Bug description:
  [Impact and Test Case]

  Steps to reproduce:
  1 - Lock the screen
  2 - From the lockscreen, tell the computer to shut down / restart

  Expected behavior:
  * Session programs are closed while the screen is still locked
  * During shutdown, no user interaction is possible

  Observed behavior:
  * The lockscreen is gone immediately, with the rest of compiz (e.g. window decorations are not present)
  * But it's possible to interact with programs that are still running in the session for about 3 seconds

  Observed on an updated Trusty machine, running unity version
  7.2.2+14.04.20140714-0ubuntu1.1

  I consider this bug a security vulnerability because during those 3
  seconds it could be possible to access and interact with sensitive
  information.  Yes, it's short, but you could take a picture or even rm
  -rf / if there happened to be a root console available.

  [Regression Potential]

  An improper implementation of the fix for this issue could result in
  an indefinite hang during system shutdown, or could result in the
  problem not being completely fixed and the security vulnerability
  continuing.

  Neither appear to be the case.

  [ Other Info ]

  The Ubuntu 14.04 LTS SRU has been cherry-picked from upstream Unity
  where it has been in development-level production code in Ubuntu
  'Vivid Vervet' development release for a few months and has not
  display additional problems.

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1370017/+subscriptions