Public bug reported: If the screen is locked, and user switching is enabled, any malicious person can reboot or shutdown the computer by selecting "switch users" from the screensaver dialog, and then rebooting the computer. This can use potential loss of data for the user who locked the screen.
Steps to reproduce: 1) Enable user switching (key /apps/gnome-screensaver/user_switch_enabled 2) Lock the screen (and walk away) 3) (Malicious user) press any key and select "Switch User" 4) Select "Restart" from the menu at the bottom 5) Lose all unsaved work Expected behavior: 1) gdm should ask for an administrator password or some such thing before rebooting/shutting down active logged in accounts. ** Affects: gdm (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- Any user can reboot or shutdown computer when screen is locked https://bugs.launchpad.net/bugs/153706 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug contact for gdm in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs