xubuntu-dev team mailing list archive

Thread
Date

[Bug 1615612] [NEW] systemd-inhibit authentication ignored by suspend request

To: xubuntu-dev@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1615612@xxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Aug 2016 17:40:30 -0000
Reply-to: Bug 1615612 <1615612@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

You have been subscribed to a private security bug by Emily Ratliff (emilyr):

xubuntu 16.04

I sometimes run a media server (MediaTomb) with systemd-inhibit to
prevent shutdown or suspend from accidentally killing the server.

If I forget that the server is running and click on the xfce log out
button and choose the suspend option, the system correctly puts up an
authentication dialog saying:

"Authentication is required for suspending the system while an
application asked to inhibit it"

HOWEVER if I dismiss the authentication request (press [Esc]) the system
suspends anyway.

A secondary issue is that the authentication dialog shows BELOW the log
out dialog (see screenshot).

I've marked it as a security issue because a request for authentication
is being ignored but you may well feel it's not a serious issue (being
able to suspend a system when you're not allowed to doesn't sound
catastrophic!) in which case do downgrade it.

HTH, Peter

~$ lsb_release
LSB Version:	core-9.20160110ubuntu0.2-amd64:core-9.20160110ubuntu0.2-noarch:printing-9.20160110ubuntu0.2-amd64:printing-9.20160110ubuntu0.2-noarch:security-9.20160110ubuntu0.2-amd64:security-9.20160110ubuntu0.2-noarch
~$ apt-cache policy xfce4-power-manager
xfce4-power-manager:
  Installed: 1.4.4-4ubuntu2
~$ systemd-inhibit --list
     Who: NetworkManager (UID 0/root, PID 2559/NetworkManager)
    What: sleep
     Why: NetworkManager needs to turn off networks
    Mode: delay

     Who: mediatomb server (UID 0/root, PID 19323/systemd-inhibit)
    What: shutdown:sleep:handle-power-key:handle-suspend-key:handle-lid-switch
     Why: Prevent shutdown of media server
    Mode: block

     Who: xfce4-power-manager (UID 1000/peter, PID 3902/xfce4-power-man)
    What: handle-power-key:handle-suspend-key:handle-hibernate-key:handle-lid-switch
     Why: xfce4-power-manager handles these events
    Mode: block

3 inhibitors listed.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: xfce4-power-manager 1.4.4-4ubuntu2
ProcVersionSignature: Ubuntu 4.4.0-34.53-generic 4.4.15
Uname: Linux 4.4.0-34-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: XFCE
Date: Mon Aug 22 12:49:04 2016
InstallationDate: Installed on 2016-05-12 (101 days ago)
InstallationMedia: Xubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
SourcePackage: xfce4-power-manager
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: xfce4-power-manager (Ubuntu)
     Importance: Undecided
         Status: Confirmed


** Tags: amd64 apport-bug xenial
-- 
systemd-inhibit authentication ignored by suspend request
https://bugs.launchpad.net/bugs/1615612
You received this bug notification because you are a member of Xubuntu Developers, which is subscribed to the bug report.