[Bug 1777415] Re: Local authorization bypass by using suspend mode
Steve Langasek
steve.langasek at canonical.com
Wed Feb 13 06:21:05 UTC 2019
Which files, when missing, cause this to happen? Can you provide strace
output of the failing process?
This seems unlikely to be due to PAM, which has fairly well exercised
error handling and is designed to fail closed; but it's possible there
is a bug in the configuration of PAM for one or more services.
** Changed in: pam (Ubuntu)
Status: Confirmed => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1777415
Title:
Local authorization bypass by using suspend mode
Status in Unity:
New
Status in pam package in Ubuntu:
Incomplete
Status in unity package in Ubuntu:
Confirmed
Bug description:
Version: Ubuntu 16.04.04 LTS Desktop, all packets are updated at 15.06.2018
Affects: access to latest user opened applications, that can contain sensitive information (documents, private information, passwords, etc.)
How to reproduce:
1. open some applications (LibreOffice, browsers, editors, ...)
2. go to suspend mode
3. extract hard drive
4. wake up
5. after that can be several behaviors:
* Ubuntu show lock screen. Enter ANY password -> access granted.
* Ubuntu show lock screen. Enter ANY password, access denied. Fast press the hardware shutdown button -> access granted.
* Ubuntu does not show lock screen, only black screen. We can repeat actions like in previous paragraphs
To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1777415/+subscriptions
More information about the foundations-bugs
mailing list