[Bug 946888] Re: Loose security on Locked screen.
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Mar 5 19:21:18 UTC 2012
Steps to reproduce:
1- Lock screen with Ctrl-L or indicator menu
2- type random password
3- While password is being checked, press meta key
4- use correct password
5- Notice the dash is open, which means the meta key is being grabbed while the screensaver is active
I haven't been able to type anything, but others have successfully
managed to type stuff into the dash
** Package changed: ubuntu-meta (Ubuntu) => compiz (Ubuntu)
** Changed in: compiz (Ubuntu)
Status: New => Confirmed
** This bug has been flagged as a security vulnerability
** Summary changed:
- Loose security on Locked screen.
+ Dash can be activated while screen is locked
** Also affects: compiz (Ubuntu Precise)
Importance: Undecided
Status: Confirmed
** Changed in: compiz (Ubuntu Precise)
Milestone: None => ubuntu-12.04-beta-2
** Tags added: rls-p-tracking
** Changed in: compiz (Ubuntu Precise)
Assignee: (unassigned) => Canonical Desktop Experience Team (canonical-dx-team)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/946888
Title:
Dash can be activated while screen is locked
Status in “compiz” package in Ubuntu:
Confirmed
Status in “compiz” source package in Precise:
Confirmed
Bug description:
What happens:
Screen lock: prior to login the system responds to the first several characters typed and responds to mouse or trackpad movements.
For security sake; Shouldn't this be tightened up?
What should not happen:
Input buffer should not accept signals (ie: characters, keyboard strokes; and not mouse or trackball inputs.
What could potentially happen:
the Hack of system by way of buffer use; thru the momentary laspe of security during the first instance of "locked screen" activity just prior to a login.
Try it and you'll see.
Let me know what your thoughts are:
cliffcarusa at gmail dot com
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/compiz/+bug/946888/+subscriptions
More information about the foundations-bugs
mailing list