[Bug 946888] Re: Loose security on Locked screen.

Marc Deslauriers marc.deslauriers at canonical.com
Mon Mar 5 19:21:18 UTC 2012


Steps to reproduce:

1- Lock screen with Ctrl-L or indicator menu
2- Type random password
3- While password is being checked, press meta key
4- Use correct password
5- Notice the dash is open, which means the meta key is being grabbed while the screensaver is active

I haven't been able to type anything, but others have successfully
managed to type stuff into the dash.

** Package changed: ubuntu-meta (Ubuntu) => compiz (Ubuntu)

** Changed in: compiz (Ubuntu)
       Status: New => Confirmed

** This bug has been flagged as a security vulnerability

** Summary changed:

- Loose security on Locked screen.
+ Dash can be activated while screen is locked

** Also affects: compiz (Ubuntu Precise)
   Importance: Undecided
       Status: Confirmed

** Changed in: compiz (Ubuntu Precise)
    Milestone: None => ubuntu-12.04-beta-2

** Tags added: rls-p-tracking

** Changed in: compiz (Ubuntu Precise)
     Assignee: (unassigned) => Canonical Desktop Experience Team (canonical-dx-team)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/946888

Title:
  Dash can be activated while screen is locked

Status in “compiz” package in Ubuntu:
  Confirmed
Status in “compiz” source package in Precise:
  Confirmed

Bug description:
  What happens:
  Screen lock: prior to login the system responds to the first several characters typed and responds to mouse or trackpad movements.

  For security's sake, shouldn't this be tightened up?

  What should not happen:
  Input buffer should not accept signals (i.e., characters, keyboard strokes), and not mouse or trackball inputs.

  What could potentially happen:
  The hack of the system by way of buffer use, through the momentary lapse of security during the first instance of "locked screen" activity just prior to a login.

  Try it and you'll see.

  Let me know what your thoughts are:

  cliffcarusa at gmail dot com

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/compiz/+bug/946888/+subscriptions
