Unity lock screen bypassed with debsign password prompt

Bug #1321747 reported by Maarten Winter
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Unity | New | Undecided | Unassigned |
unity (Ubuntu) | New | Undecided | Unassigned |

Bug Description

1) Ubuntu 14.04 LTS

2) unity 7.2.0+14.04.20140423-0ubuntu1.2

3) What I expected to happen:

While the lock screen was active, and trying to type in the password prompt in the lock screen, my input would be written in that password prompt.

4) What happened instead

I could not see anything being written in the password field in the lock screen. Only after typing a wrong password two or three times was the lock screen password field able to receive input.

Further investigation showed that the keyboard input instead ended up in a password prompt debsign spawned while the lock screen was active - a place where it under no circumstances should be able to end up while the lock screen is active.

I'm not able to condense the bug report right now, but it seems quite serious to me, so I'd rather report it immediately.

Seth Arnold (seth-arnold) wrote :

Thanks for the report, Maarten. Do you recall how you locked the screen and how you unlocked the screen? Can you recall which applications were running when the screen was locked?

information type: Private Security → Public Security

Maarten Winter (winter-maarten) wrote :

Hi Seth,

The screen was locked automatically after me being away from the work station for a couple of minutes.

Unlocking the screen was, as mentioned in the report, a matter of trial and error which involved pressing some keys (where I noticed nothing appeared in the password input field even though the caret was blinking in it) and then pressing enter a couple of times.
I also clicked on the gear/logout icon and then on the password input field for trial and error, but am not sure if that's what got me out of the bad state.

In the Terminal I was running dpkg, followed by debsign (using GPG, so I had to provide a password to unlock my key - a different password than for logging in). Also Pidgin was running, but I'm not sure if that received keyboard input or not.

Hope that helps, otherwise I'll try to provoke it again tomorrow and try to narrow it down.

Jamie Strandboge (jdstrand) wrote :

Stephen, any status on this?

This report contains Public Security information  
Everyone can see this security related information.