Just another sidenote: I'm unaffected by this bug, because I always use
xscreensaver instead of those newer unsecure rewrites.
People concerned about security might want to read the
Just a sidenote: Unlike what the sensationalist article at heise.de from
today suggests (which links here), this bug was fixed in a heroc effort
over night *before* final release, the fix is on the 14.04 image that
was released to end users.
--
You received this bug notification because you are
This Lock Screen bug is just one of many unfixed security issues. Below
is another long-standing issue that also allows one to bypass the lock
screen...
https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/49579
--
You received this bug notification because you are a member of
@kristian-erik-hermansen Cool find, but utterly irrelevant here. That
bug is about users blindly trusting the screen to auto-lock (which they
_should be able to_).
This bug is about the trust being broken even after they _verified_ that
they had _explicitly_ locked their screens. That's (a) a
Yes, bug 49579 won't get fixed until we move away from xorg into Mir...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1308572
Title:
Ubuntu 14.04: security problem in the lock screen
To manage
** Changed in: unity
Status: In Progress = Fix Committed
** Tags added: lockscreen
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1308572
Title:
Ubuntu 14.04: security problem in the lock
** Changed in: unity
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1308572
Title:
Ubuntu 14.04: security problem in the lock screen
To manage
** Information type changed from Private Security to Public Security
** Package changed: ubuntu = gnome-screensaver (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1308572
Title:
Ubuntu
/var/log/auth.log indicates quite some time is about 30 seconds so not
that long.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1308572
Title:
Ubuntu 14.04: security problem in the lock screen
To
I've recreated this and after holding the enter key for quite some time
my screen was unlocked. I noticed the following in /var/log/syslog:
Apr 16 12:41:14 blacklightning gnome-session[2708]: WARNING: Application
'compiz.desktop' killed by signal 6
Apr 16 12:41:14 blacklightning
14:13 infinity jdstrand: If you're hunting down people to poke about this,
can you (strongly) suggest that this needs two fixes? First, obviously it
shouldn't crash, but second, a restart-post-crash of unity should *always*
start locked.
14:13 infinity jdstrand: Since there's no way to 100%
This probably needs two fixes: fix the crasher and making sure a restart
of unity after a crash is locked.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1308572
Title:
Ubuntu 14.04: security
** Package changed: gnome-screensaver (Ubuntu) = unity (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1308572
Title:
Ubuntu 14.04: security problem in the lock screen
To manage
** Also affects: unity
Importance: Undecided
Status: New
** Changed in: unity
Status: New = Triaged
** Changed in: unity (Ubuntu)
Status: New = Triaged
** Changed in: unity
Importance: Undecided = Critical
** Changed in: unity (Ubuntu)
Importance: Undecided =
To be clear, the always restart locked half of the fix is the more
important bit. The crash is embarrassing, but crashes will happen, and
we'll find others. Having it restart unlocked is bordering on
unforgivable, and we should focus on fixing that first.
--
You received this bug notification
** Changed in: unity
Assignee: (unassigned) = Brandon Schaefer (brandontschaefer)
** Changed in: unity (Ubuntu)
Status: Triaged = In Progress
** Changed in: unity
Status: Triaged = In Progress
** Changed in: unity (Ubuntu)
Assignee: (unassigned) = Brandon Schaefer
** Description changed:
affects ubuntu
Hello,
I am running Ubuntu 14.04 with all the packages updated.
When the screen is locked with password, if I hold ENTER after some
seconds the screen freezes and the lock screen crashes. After that I
have the computer fully unlocked.
--
** Changed in: unity
Assignee: Marco Trevisan (Treviño) (3v1n0) = Andrea Azzarone (andyrock)
** Changed in: unity (Ubuntu)
Assignee: Marco Trevisan (Treviño) (3v1n0) = Andrea Azzarone (andyrock)
** Changed in: unity
Milestone: None = 7.2.1
--
You received this bug notification
** Branch linked: lp:~andyrock/unity/fix-1308572
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1308572
Title:
Ubuntu 14.04: security problem in the lock screen
To manage notifications about this
** Branch linked: lp:~3v1n0/unity/relocks-on-crashes
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1308572
Title:
Ubuntu 14.04: security problem in the lock screen
To manage notifications about
So both the linked branches built in silo 8, and when I tested it, this
is what I found:
1. start unity
2. open terminal (Ctrl+alt+T)
3. type 'sleep 15 killall -9 compiz'
4. lock screen
observe: screen locks, then unity crashes, then unity restarts locked.
so far so good.
5. issue the same
** Branch unlinked: lp:~3v1n0/unity/relocks-on-crashes
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1308572
Title:
Ubuntu 14.04: security problem in the lock screen
To manage notifications about
This bug was fixed in the package unity - 7.2.0+14.04.20140416-0ubuntu1
---
unity (7.2.0+14.04.20140416-0ubuntu1) trusty; urgency=low
[ Andrea Azzarone ]
* Do not allow to activate twice the same entry! (LP: #1308572)
[ Marco Trevisan (Treviño) ]
* UnityScreen: save a
robru: the fact that unity doesn't reload properly after some crashes
it's related to to bug #1308800 (it seems upstart is not loading unity,
so gnome-session is not reliable at all for this).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
24 matches
Mail list logo