Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: gnome-shell (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-shell in Ubuntu.
https://bugs.launchpad.net/bugs/1882353
Title:
Ubuntu Dock and Top bar accessible from lockscreen
Status in GNOME Shell:
Unknown
Status in gnome-shell package in Ubuntu:
Confirmed
Bug description:
This is a very serious security issue:
When I lock my desktop with SUPER (windows) + L my screen gets locked
and goes to black. Sometimes when I return to my PC and move my mouse
to turn my screen back on I notice that the Ubuntu Dock + the Top Bar
are accessible from the lockscreen.
I unfortunately can't remember if they were accessible from the moment
I locked the screen or became accessible after returning from fade to
black. (This is not the first time this issue happened.)
I was able to open the settings menu from the top bar and use all
indicators. You can actually start the programs in the Ubuntu Dock and
give keyboard inputs to them. For example I was able to start the
terminal emulator from the lock screen and run firefox and other
applications. So an attacker could run arbitrary commands with user
privileges from the lockscreen!
The indicators drop down menus were fully visible on the lock screen
while the Dock applications remained hidden "behind" the lockscreen
(however still accessible via keyboard as described above).
I have attached a screenshot of the bug. I unfortunately had no camera
at hand to film me running terminal commands.
Please contact me if you need additional information.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: gnome-shell-extension-ubuntu-dock 67ubuntu20.04.5
ProcVersionSignature: Ubuntu 5.4.0-33.37-generic 5.4.34
Uname: Linux 5.4.0-33-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.11-0ubuntu27.2
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: ubuntu:GNOME
Date: Sat Jun 6 13:35:28 2020
InstallationDate: Installed on 2015-12-22 (1627 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
PackageArchitecture: all
SourcePackage: gnome-shell-extension-ubuntu-dock
UpgradeStatus: Upgraded to focal on 2020-04-25 (42 days ago)
modified.conffile..etc.default.apport: [modified]
mtime.conffile..etc.default.apport: 2015-12-23T12:07:53.769719
To manage notifications about this bug go to:
https://bugs.launchpad.net/gnome-shell/+bug/1882353/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
