Bug#854344: Password dialog can be skipped using lightdm autologin feature

2017-03-12 Thread Yves-Alexis Perez
On Sun, 2017-03-12 at 14:28 +0100, Margarita Manterola wrote:
> Hi,
> 
> On 2017-03-12 14:11, Yves-Alexis Perez wrote:
> > Agreed, it looks to me like it's running more or less as intended. Can
> > you be a little bit more specific on what would be the expected behavior
> > from your point of view?
> 
> From my understanding of Ivar's report, the feature request would be to
> separate the autologin functionality for starting a new session from
> unlocking an existing session that is locked by a screensaver.

Unfortunately, and as far as I can tell, lightdm doesn't have any indication
whether it's running in “login” or “unlocking” mode. It's the exact same thing
for it, so it definitely behaves as intended. If it's not what the user
wants, I would advise against using light-locker/lightdm, and suggest using
another lockscreen.

Regards,
-- 
Yves-Alexis

signature.asc
Description: This is a digitally signed message part


Bug#854344: Password dialog can be skipped using lightdm autologin feature

2017-03-12 Thread Margarita Manterola

Hi,

On 2017-03-12 14:11, Yves-Alexis Perez wrote:
Agreed, it looks to me like it's running more or less as intended. Can
you be a little bit more specific on what would be the expected behavior
from your point of view?


From my understanding of Ivar's report, the feature request would be to 
separate the autologin functionality for starting a new session from 
unlocking an existing session that is locked by a screensaver.


--
Regards,
Marga



Bug#854344: Password dialog can be skipped using lightdm autologin feature

2017-03-12 Thread Yves-Alexis Perez
On Sun, 12 Mar 2017 12:48:03 +0100 Margarita Manterola wrote:
> reassign -1 lightdm 1.18.3-1
> retitle -1 Screensaver lock can be skipped using lightdm autologin feature
> 
> Hi,
> 
> On 2017-02-06 10:25, Ivar Smolin wrote:
> > If user locks the screen with cinnamon-screensaver, the password dialog
> > can be skipped if lightdm autologin feature is enabled.
> 
> I've verified that this is exactly the same if the user uses the KDE 
> screensaver, so I'm reassigning the bug to lightdm.
> 
> > Scenario:
> > 1. Lock the screen
> > 2. Use "Switch users" button to activate the lightdm screen
> > 3. Wait until lightdm autologin timeout is over
> > 4. User desktop is activated
> 
> While I understand that this might be confusing and not what the user 
> expects (in some very specific situations), I don't think this is a 
> "security" bug. It seems to me that this is basically working as 
> intended, and that changing the behavior is a feature request to allow 
> very specific usecases (i.e. not having to type 2 passwords if your disk 
> is encrypted or having a session start automatically and then get locked 
> automatically).
> 
> Still, I'll let the lightdm maintainers decide on that.

Agreed, it looks to me like it's running more or less as intended. Can you be
a little bit more specific on what would be the expected behavior from your
point of view?

Regards,
-- 
Yves-Alexis

signature.asc
Description: This is a digitally signed message part


Bug#854344: Password dialog can be skipped using lightdm autologin feature

2017-03-12 Thread Margarita Manterola

reassign -1 lightdm 1.18.3-1
retitle -1 Screensaver lock can be skipped using lightdm autologin feature


Hi,

On 2017-02-06 10:25, Ivar Smolin wrote:

If user locks the screen with cinnamon-screensaver, the password dialog
can be skipped if lightdm autologin feature is enabled.


I've verified that this is exactly the same if the user uses the KDE 
screensaver, so I'm reassigning the bug to lightdm.



Scenario:
1. Lock the screen
2. Use "Switch users" button to activate the lightdm screen
3. Wait until lightdm autologin timeout is over
4. User desktop is activated


While I understand that this might be confusing and not what the user 
expects (in some very specific situations), I don't think this is a 
"security" bug. It seems to me that this is basically working as 
intended, and that changing the behavior is a feature request to allow 
very specific usecases (i.e. not having to type 2 passwords if your disk 
is encrypted or having a session start automatically and then get locked 
automatically).


Still, I'll let the lightdm maintainers decide on that.

--
Regards,
Marga



Bug#854344: Password dialog can be skipped using lightdm autologin feature

2017-02-06 Thread Ivar Smolin

Package: cinnamon-screensaver
Version: 3.2.13-1
Severity: normal
Tags: security

If user locks the screen with cinnamon-screensaver, the password dialog
can be skipped if lightdm autologin feature is enabled.

Scenario:
1. Lock the screen
2. Use "Switch users" button to activate the lightdm screen
3. Wait until lightdm autologin timeout is over
4. User desktop is activated

Autologin parameters enabled in lightdm config (section [Seat:*]):
# diff /etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf.original
122,123c122,123
< autologin-user=okul
< autologin-user-timeout=2
---
> #autologin-user=
> #autologin-user-timeout=0


lightdm version:
ii  lightdm 1.18.3-1


I generated two user cases to explain the problem and also tested them 
in my computer. In both cases the password dialog can be skipped using 
autologin feature.


Case 1: User data is protected by hard disk partition password.
This case is applicable for single user computer if user wants to avoid 
entering two passwords during bootup.
Hard disk partition is encrypted. Accessing data requires to enter 
password during bootup process. After entering password, the display 
manager logs user in automatically.


Case 2: User data is protected by autolocking screen after autologin
This case is applicable for user who wants to log in automatically (to 
continue downloads, to start audio player, etc...) but also to protect 
his/her data.
Screen locking is activated by session startup programs. Display manager 
logs user in automatically and locks screen.



-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cinnamon-screensaver depends on:
ii  cinnamon-desktop-data   3.2.4-3
ii  gir1.2-accountsservice-1.0  0.6.43-1
ii  gir1.2-cinnamondesktop-3.0  3.2.4-3
ii  gir1.2-gkbd-3.0 3.22.0.1-1
ii  gir1.2-glib-2.0 1.50.0-1
ii  gir1.2-gtk-3.0  3.22.6-1
ii  gir1.2-xapp-1.0 1.0.2-1
ii  iso-flags-png-320x240   1.0.1-1
ii  libc6   2.24-8
ii  libcscreensaver03.2.13-1
ii  libglib2.0-02.50.2-2
ii  libgtk-3-0  3.22.6-1
ii  python3 3.5.3-1
ii  python3-gi  3.22.0-2
ii  python3-gi-cairo3.22.0-2
ii  python3-setproctitle1.1.10-1
ii  python3-xlib0.14+20091101-5
pn  python3:any 
pn  python:any  

Versions of packages cinnamon-screensaver recommends:
ii  cinnamon-screensaver-x-plugin  3.2.13-1

Versions of packages cinnamon-screensaver suggests:
pn  cinnamon-screensaver-webkit-plugin  

-- no debconf information
#
# General configuration
#
# start-default-seat = True to always start one seat if none are defined in the configuration
# greeter-user = User to run greeter as
# minimum-display-number = Minimum display number to use for X servers
# minimum-vt = First VT to run displays on
# lock-memory = True to prevent memory from being paged to disk
# user-authority-in-system-dir = True if session authority should be in the system location
# guest-account-script = Script to be run to setup guest account
# logind-check-graphical = True to on start seats that are marked as graphical by logind
# log-directory = Directory to log information to
# run-directory = Directory to put running state in
# cache-directory = Directory to cache to
# sessions-directory = Directory to find sessions
# remote-sessions-directory = Directory to find remote sessions
# greeters-directory = Directory to find greeters
# backup-logs = True to move add a .old suffix to old log files when opening new ones
#
[LightDM]
#start-default-seat=true
#greeter-user=lightdm
#minimum-display-number=0
#minimum-vt=7
#lock-memory=true
#user-authority-in-system-dir=false
#guest-account-script=guest-account
#logind-check-graphical=false
#log-directory=/var/log/lightdm
#run-directory=/var/run/lightdm
#cache-directory=/var/cache/lightdm
#sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions:/usr/share/wayland-sessions
#remote-sessions-directory=/usr/share/lightdm/remote-sessions
#greeters-directory=/usr/share/lightdm/greeters:/usr/share/xgreeters
#backup-logs=true

#
# Seat configuration
#
# Seat configuration is matched against the seat name glob in the section, for example:
# [Seat:*] matches all seats and is applied first.
# [Seat:seat0] matches the seat named "seat0".
# [Seat:seat-thin-client*] matches all seats that have names that start with "seat-thin-client".
#
# type = Seat type (xlocal, xremote, unity)
# pam-service = PAM service to use for login
# pam-autologin-service = PAM service to use for autologin
# pam-greeter-service = PAM service to use for greeters
# xserver-command = X
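An added audit example, not part of this thread and not lightdm's own code: it parses a lightdm.conf the way the attached file documents seat sections ([Seat:*] applied first, then every other matching seat glob in file order, later values overriding earlier ones), and reports, per seat, whether an autologin user is configured, which is the precondition for the lock-skip Ivar describes. The sample config is constructed and reuses the values from the report (`autologin-user=okul`, `autologin-user-timeout=2`); the seat names, the use of Python's `fnmatch` for lightdm's glob matching, and "last assignment wins" for repeated keys are assumptions. An administrator who wants the screensaver lock to hold either clears `autologin-user` for that seat or, as the maintainer suggests above, uses a lockscreen that does not hand the seat back to lightdm.

```python
"""Audit lightdm.conf seat sections for autologin settings (Debian #854344).

Added example; not lightdm code. SAMPLE_CONF is constructed for the demo.
"""
import fnmatch

# Constructed sample in lightdm.conf style: a global section, a [Seat:*]
# block carrying the settings from the bug report, and a narrower seat glob
# that clears autologin again for thin clients.
SAMPLE_CONF = """\
#
# General configuration
#
[LightDM]
#greeter-user=lightdm

#
# Seat configuration: [Seat:*] is applied first, then matching seat globs
#
[Seat:*]
#autologin-user=
autologin-user=okul
autologin-user-timeout=2

[Seat:seat-thin-client*]
# thin clients must always see the greeter: clear the autologin user
autologin-user=
"""


def parse_lightdm_conf(text):
    """Return [(section_name, {key: value}), ...] in file order.

    '#' lines are comments, so a commented-out '#autologin-user=' (the shipped
    default) never becomes a key. If a key repeats inside one section, the
    last assignment wins (assumption about lightdm's loader).
    """
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = (line[1:-1], {})
            sections.append(current)
            continue
        if current is None or "=" not in line:
            continue  # stray line outside a section, or no '=': ignore it
        key, _, value = line.partition("=")
        current[1][key.strip()] = value.strip()
    return sections


def effective_seat_config(text, seat_name):
    """Merge every [Seat:<glob>] section whose glob matches seat_name.

    Follows the rule in the config comments: [Seat:*] matches all seats and
    is applied first; the remaining matching globs are applied in file
    order, so a later, more specific section overrides a broader one.
    """
    matching = []
    for name, values in parse_lightdm_conf(text):
        if not name.startswith("Seat:"):
            continue
        glob = name[len("Seat:"):]
        if fnmatch.fnmatchcase(seat_name, glob):
            matching.append((glob, values))
    # Put "*" first; sort is stable, so the others keep file order.
    matching.sort(key=lambda item: item[0] != "*")
    merged = {}
    for _, values in matching:
        merged.update(values)
    return merged


def audit_autologin(text, seat_name="seat0"):
    """Report the effective autologin settings for one seat.

    A non-empty autologin-user means a greeter reached via "Switch user" can
    log that user back in without a password once its timeout expires; the
    report reproduced this with autologin-user-timeout=2.
    """
    cfg = effective_seat_config(text, seat_name)
    user = cfg.get("autologin-user", "")
    try:
        timeout = int(cfg.get("autologin-user-timeout", "0"))
    except ValueError:
        timeout = None  # malformed value: still report the seat
    return {
        "seat": seat_name,
        "autologin_user": user or None,
        "autologin_timeout": timeout,
        "lock_bypass_risk": bool(user),
    }


if __name__ == "__main__":
    for seat in ("seat0", "seat-thin-client1"):
        print(audit_autologin(SAMPLE_CONF, seat))
```

Run against a real file with `audit_autologin(open("/etc/lightdm/lightdm.conf").read(), "seat0")`; the seat name to check is the one logind reports for the machine, which this example assumes is `seat0`.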