Public bug reported:
If the screen is locked, and user switching is enabled, any malicious
person can reboot or shutdown the computer by selecting "switch users"
from the screensaver dialog, and then rebooting the computer. This can
use potential loss of data for the user who locked the screen.
Steps to reproduce:
1) Enable user switching (key /apps/gnome-screensaver/user_switch_enabled
2) Lock the screen (and walk away)
3) (Malicious user) press any key and select "Switch User"
4) Select "Restart" from the menu at the bottom
5) Lose all unsaved work
Expected behavior:
1) gdm should ask for an administrator password or some such thing
before rebooting/shutting down active logged in accounts.
** Affects: gdm (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
--
Any user can reboot or shutdown computer when screen is locked
https://bugs.launchpad.net/bugs/153706
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is a bug contact for gdm in ubuntu.
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
