← Back to team overview

ubuntu-phone team mailing list archive

Re: Sharing dynamic informations between the user session and the greeter

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Terry wrote on 10/03/14 13:48:
> 
> On Mon, Mar 10, 2014 at 7:51 AM, Matthew Paul Thomas ...
>> Sorry, I was using "greeter" too loosely as a synonym for "login 
>> screen", i.e. the screen that lets you choose between multiple 
>> accounts.
>> 
>> Ubuntu on a phone currently does not use a login screen, because 
>> there are never multiple user accounts to choose from. Instead, 
>> when starting the phone, you go directly to the lock screen 
>> (a.k.a. "welcome screen") for the only account.
> 
> Eventually we want to allow users to have encrypted home 
> directories on the phone.  (Which is currently blocked by this
> very same problem of not having a proper greeter.)  With encrypted
> home directories, we have to have a login screen for the user must
> enter a password/pin.

I don't see how that follows. Most active phones spend much more time
asleep than powered off. That's just as true when a phone is stolen
than at any other time. Therefore any encryption, password, or PIN
requirement will be ineffective unless it applies to the locked state
just as it does to any login screen. And therefore, if the device is
single-user, we could still take you directly to the lock (Welcome)
screen on startup, skipping the login screen.

> ...
> 
> Lockscreens are problematic from a security perspective, due to 
> technical details.  Running the PAM stack as a user (i.e. being a 
> PAM "server") has never worked quite like we want.  In order to 
> work when run as a user, PAM modules (like fingerprint, ldap, or 
> pin) have to run separate daemons as root to talk to, which
> doesn't usually thrill the security team.  And the pin module
> we're planning to use for the phone doesn't work in a user context
> (i.e. it doesn't use a root daemon; could add one, but 4-digit pins
> would probably be pretty easy for a user to brute-force
> programmatically then).
> 
> ...

Those seem like problems you have to overcome anyway, so that people can
change their PIN or password in System Settings.
<https://wiki.ubuntu.com/SecurityAndPrivacySettings#phone-locking>

- -- 
mpt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlMgOfkACgkQ6PUxNfU6ecpvSACfdFDF7iN9E66nBCGjOv4i44rN
300An2V/yIdxyczPiZaSZ59B2yE8t/OG
=4uLQ
-----END PGP SIGNATURE-----


Follow ups

References