[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2022-04-25 Thread Bastian Kanbach
Hi all,

thanks a lot, I upgraded to MATE 22.04 and could confirm that marco is
no longer recognising its keybindings.

---

However I discovered a second issue some minutes ago:

I installed MATE 22.04 on another system with some special keys on the
keyboard and one of the keys (Fn + F9) on the connected keyboard is
launching "mate-search-tool". I did some further research and noticed
that this time a different component is affected: mate-settings-daemon.

When I terminated mate-settings-daemon via SSH connection, the
keybinding was no longer accepted.

20.04.3 does not seem to be affected, as slick-greeter is not relying on
mate-settings-daemon. So it's probably 20.10 up to 22.04.

I will add a separate issue within the arctica-greeter project.

Not sure what the best fix is - either something similar to "marco
--no-keybindings", or by not invoking mate-settings-daemon at all,
although I guess this could break some ayatana-indicators features.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1948339

Title:
  Logon screen can be bypassed using various shortcuts

Status in arctica-greeter package in Ubuntu:
  Fix Released
Status in lightdm package in Ubuntu:
  Invalid
Status in marco package in Ubuntu:
  Fix Released
Status in mate-settings-daemon package in Ubuntu:
  Invalid

Bug description:
  Hi,

  my little daughter discovered a logon screen bypass in Ubuntu Mate
  21.10 after hitting the keyboard for a while.

  It turns out that several keyboard shortcuts are allowed while Ubuntu
  Mate is locked (arctica-greeter):

  - Mod4 + S (mate-search-tool)
  - Mod4 + E (Open Caja / File Explorer)
  - CTRL + Shift + Esc (mate-system-monitor)
  - PRNT (Screenshot)

  All of the mentioned shortcuts could be used to spawn a file explorer
  (Caja) or various other binaries as user "lightdm", who owns the logon
  screen.

  Although an interactive terminal like mate-terminal, xterm, lxterm
  etc. could not be opened directly, there are various options to run
  commands as the lightdm user, for example by creating a shell script
  using "caja", and executing it directly using the GUI.

  I've attached Proof-of-Concept GIFs for all shortcuts mentioned above.
  There might be additional shortcuts that could be used to achieve the
  same, however I'm not aware of every shortcut that is configured,
  but I suppose that the root cause is located somewhere in
  arctica-greeter, rather than within every single binary launched by
  shortcuts.

  The bug was reproduced on a fresh installation of Ubuntu Mate 21.10. I
  haven't tested other versions of Ubuntu Mate yet.

  Please find additional version details below:

  $ apt-cache policy lightdm

  lightdm:
    Installed: 1.30.0-0ubuntu4
    Candidate: 1.30.0-0ubuntu4
    Version table:
   *** 1.30.0-0ubuntu4 500
  500 http://de.archive.ubuntu.com/ubuntu impish/universe amd64 Packages
  100 /var/lib/dpkg/status

  $ apt-cache policy arctica-greeter

  arctica-greeter:
    Installed: 0.99.1.5-2nmu1
    Candidate: 0.99.1.5-2nmu1
    Version table:
   *** 0.99.1.5-2nmu1 500
  500 http://de.archive.ubuntu.com/ubuntu impish/universe amd64 Packages
  100 /var/lib/dpkg/status

  Thanks,
  Basti

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/arctica-greeter/+bug/1948339/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp
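
A host-side check for the state discussed in this thread, added here as an example (it is not code from the bug report or from the marco / arctica-greeter projects). It compares installed package versions against the ones named in the changelog entries in this thread, flags the "greeter upgraded, marco not" skew, and looks for greeter-session processes owned by `lightdm`; the finding names, the `ps` samples and the marco version `1.26.0-2` are constructed, and the version comparison reimplements dpkg's ordering so the example runs offline.

```python
"""Audit helper for LP #1948339 (added example, not project code)."""
import os

# Versions taken from the changelog entries quoted in this thread.
MARCO_MIN = "1.26.0-3~"            # arctica-greeter's versioned Recommends
GREETER_FIXED = "0.99.1.5-2nmu3"   # upload that closed the bug


def _order(ch):
    """dpkg character weight: '~' < end-or-digit < letters < other chars."""
    if ch == "~":
        return -1
    if ch == "":
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256


def _cmp_fragment(a, b):
    """Compare one upstream or revision string the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit runs are compared character by character.
        while (i < len(a) and not a[i].isdigit()) or \
              (j < len(b) and not b[j].isdigit()):
            ca = a[i] if i < len(a) and not a[i].isdigit() else ""
            cb = b[j] if j < len(b) and not b[j].isdigit() else ""
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
            i += 1 if ca else 0
            j += 1 if cb else 0
        # Digit runs are compared numerically.
        si, sj = i, j
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0


def _split(version):
    """Split '[epoch:]upstream[-revision]' into its three parts."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev


def deb_cmp(a, b):
    """Return -1, 0 or 1, like `dpkg --compare-versions` would decide."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def audit(versions, ps_text):
    """versions: {'marco': ..., 'arctica-greeter': ...} (dpkg-query output).
    ps_text: output of `ps -eo user:32,args`, header line included."""
    findings = []
    greeter_ok = deb_cmp(versions["arctica-greeter"], GREETER_FIXED) >= 0
    marco_ok = deb_cmp(versions["marco"], MARCO_MIN) >= 0
    if not greeter_ok:
        findings.append("greeter-unpatched")
    elif not marco_ok:
        # Recommends is not a hard dependency, so this skew can exist.
        findings.append("version-skew")
    for line in ps_text.strip().splitlines()[1:]:
        user, _, args = line.strip().partition(" ")
        argv = args.split()
        if user != "lightdm" or not argv:
            continue  # only the greeter session is of interest
        name = os.path.basename(argv[0])
        if name == "marco" and "--no-keybindings" not in argv[1:]:
            findings.append("greeter-marco-keybindings-active")
        elif name == "mate-settings-daemon":
            # The 2022-04-25 message reports special keys handled here.
            findings.append("greeter-runs-mate-settings-daemon")
    return findings


# Constructed samples (not captured from a real system).
PS_BEFORE = """USER     COMMAND
lightdm  /usr/sbin/arctica-greeter
lightdm  marco
lightdm  /usr/bin/mate-settings-daemon
alice    marco --replace
"""
PS_AFTER = PS_BEFORE.replace("lightdm  marco", "lightdm  marco --no-keybindings")

if __name__ == "__main__":
    old = {"arctica-greeter": "0.99.1.5-2nmu1", "marco": "1.26.0-2"}
    new = {"arctica-greeter": "0.99.1.5-2nmu3", "marco": "1.26.0-3ubuntu1"}
    print("before:", audit(old, PS_BEFORE))
    print("after: ", audit(new, PS_AFTER))
```

On a real host the two inputs come from `dpkg-query -W -f='${Version}' <package>` and `ps -eo user:32,args`.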


[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2022-04-12 Thread Launchpad Bug Tracker
This bug was fixed in the package marco - 1.26.0-3ubuntu1

---
marco (1.26.0-3ubuntu1) jammy; urgency=medium

  * debian/patches:
    + Add 1000_add-no-keybindings.patch (LP: #1948339)

 -- Martin Wimpress   Tue, 12 Apr 2022 10:28:18 +0100

** Changed in: marco (Ubuntu)
   Status: Fix Committed => Fix Released



[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2022-04-12 Thread Launchpad Bug Tracker
This bug was fixed in the package arctica-greeter - 0.99.1.5-2nmu3

---
arctica-greeter (0.99.1.5-2nmu3) jammy; urgency=medium

  * debian/patches:
    + Add 2002_shutdown-dialog-font.patch. (LP: #1916770)
  * debian/control:
    + Version Recommends: marco (>= 1.26.0-3~) (LP: #1948339)

 -- Martin Wimpress   Tue, 12 Apr 2022 13:24:46 +0100

** Changed in: arctica-greeter (Ubuntu)
   Status: Fix Committed => Fix Released



[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2022-04-12 Thread Martin Wimpress 
@bkanbach I can version marco Recommends ensuring both packages update
in lockstep. I have spoken to the Ubuntu Security team and they will
handle the CVE assignment.



[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2022-04-12 Thread Martin Wimpress 
** Changed in: arctica-greeter (Ubuntu)
   Status: In Progress => Fix Committed

** Changed in: marco (Ubuntu)
   Status: In Progress => Fix Committed



[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2022-04-12 Thread Bastian Kanbach
That sounds great, thank you very much. I guess it's an optimal way to
keep the marco look-and-feel and have it invoked securely at the same
time.

Could there be a scenario where arctica-greeter is upgraded on a system
but marco is not? (e.g. arctica-greeter invoking
"marco --no-keybindings" when a version of marco is installed that
doesn't support this switch yet). I guess this would be a very rare
edge case anyway.

Is the Ubuntu CNA handling the CVE assignment for this issue
automatically, or do I have to request a CVE-id?



[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2022-04-12 Thread Martin Wimpress 
** Changed in: arctica-greeter (Ubuntu)
   Status: Triaged => In Progress



[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2022-04-12 Thread Martin Wimpress 
** Changed in: marco (Ubuntu)
   Status: Triaged => In Progress



[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2022-04-02 Thread Martin Wimpress 
Sorry for the late reply on this issue. I only saw it a few days ago.
I've spoken with the Arctica greeter developer and we've been working on
a fix.

The issue is this: Arctica Greeter requires a window manager and it
invokes Marco, the window manager from MATE Desktop. Marco handles
keybindings and by default has a number predefined. Ubuntu MATE adds a
few more. This is why you are able to invoke applications bound to
keybindings in Marco from Arctica Greeter.

The proposed solution is to add a patch to Marco so that it can be
invoked with keybindings disabled and then patch Arctica Greeter to
invoke Marco with the argument to disable its keybindings.

I will start preparing patched versions of Marco and Arctica Greeter in a
PPA for testing/validation.

** Changed in: arctica-greeter (Ubuntu)
   Status: New => Triaged

** Changed in: lightdm (Ubuntu)
   Status: New => Invalid

** Changed in: mate-settings-daemon (Ubuntu)
   Status: New => Invalid

** Also affects: marco (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: marco (Ubuntu)
   Status: New => Triaged

** Changed in: arctica-greeter (Ubuntu)
   Importance: Undecided => Critical

** Changed in: arctica-greeter (Ubuntu)
 Assignee: (unassigned) => Martin Wimpress  (flexiondotorg)

** Changed in: marco (Ubuntu)
   Importance: Undecided => Critical

** Changed in: marco (Ubuntu)
 Assignee: (unassigned) => Martin Wimpress  (flexiondotorg)

** No longer affects: ubuntu-mate



[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2022-03-04 Thread Bastian Kanbach
Exactly, so at the moment only the following are affected:

- impish
- jammy

I've added a few comments to the arctica-greeter repo and issued a pull
request that basically reverts the commit that introduced the weakness.

However, this still needs to be reviewed by the maintainers.



[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2022-03-03 Thread Chris Guiver
hirsute (21.04) is EOL, but thank you for your research, @Bastian

** Tags removed: hirsute



[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2021-12-24 Thread Bastian Kanbach
Hi all,

narrowed it down and found out that arctica-greeter is invoking "marco"
to make handling of windows opened by some of the indicators easier.

However marco listens for any keybindings and that's the reason why
keybindings are working on the logon screen.

The affected code path was introduced with arctica-greeter 0.99.1.1 (Feb
6, 2019) and is located in
https://github.com/ArcticaProject/arctica-greeter/blob/master/src/arctica-greeter.vala.

I've also added a comment to the issue within the arctica-greeter repo.
Should be a straightforward fix.

Cheers,
Basti
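
A host check for the root cause described in the message above, added here as an example (it is not part of the original thread or of any project's code): it reads `ps`-style lines and flags a greeter-owned marco that still handles keybindings, plus the programs the report lists as reachable from the locked screen. The function names, the sample process table and the `mate-screenshot` binary name for the PRNT shortcut are assumptions; `--no-keybindings` is the marco option named elsewhere in this thread.

```shell
#!/bin/sh
# Added example: audit processes owned by the greeter account.
# Live use: ps -eo user:32,pid,args | audit_greeter_procs

GREETER_USER="${GREETER_USER:-lightdm}"   # account that owns the logon screen

# Reads "USER PID ARGS..." lines on stdin and prints one finding per line.
audit_greeter_procs() {
    awk -v user="$GREETER_USER" '
        # Skips the ps header and every process not owned by the greeter user.
        $1 != user { next }
        {
            # Basename of argv[0], so "/usr/bin/caja" and "caja" both match.
            n = split($3, parts, "/"); exe = parts[n]
            # Remaining arguments, padded with spaces for whole-word matching.
            args = " "
            for (i = 4; i <= NF; i++) args = args $i " "
        }
        # marco under the greeter account is expected; marco that still
        # processes keybindings is the condition described in the thread.
        exe == "marco" {
            if (index(args, " --no-keybindings ") == 0)
                print "WARN marco-with-keybindings pid=" $2
            next
        }
        # Programs the report lists as launched by shortcuts on the lock screen.
        exe ~ /^(caja|mate-search-tool|mate-system-monitor|mate-screenshot)$/ {
            print "ALERT shortcut-spawned " exe " pid=" $2
        }
    '
}

# Constructed sample process table (not captured from a real system).
sample_ps() {
    cat <<'EOF'
USER       PID COMMAND
root       812 lightdm
lightdm   1201 arctica-greeter
lightdm   1234 marco
lightdm   1302 /usr/bin/caja
lightdm   1310 mate-search-tool
alice     2001 /usr/bin/caja
EOF
}

# Stand-alone run: prints the findings for the constructed sample.
sample_ps | audit_greeter_procs
```

A clean result on a patched system is no output at all; any ALERT line means a desktop program is running as the greeter account.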



[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2021-10-24 Thread Norbert
** Tags removed: groovy
** Tags added: jammy



[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2021-10-22 Thread Bastian Kanbach
Thanks :)

I haven't registered a CVE yet and I'm waiting for final confirmation
which components are causing the described issue. Happy to contribute
to the ArcticaProject issue tracker directly.

As you also mentioned I can confirm that the affected arctica-greeter
version is present in the following versions of Ubuntu Mate:

Ubuntu Mate 20.10 - Groovy Gorilla
Ubuntu Mate 21.04 - Hirsute Hippo 
Ubuntu Mate 21.10 - Impish Indri

It doesn't seem to work for 20.04 - Focal Fossa.



[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2021-10-22 Thread Norbert
Upstream is now informed via
https://github.com/ArcticaProject/arctica-greeter/issues/28 . I cited this
bug there.
Bastian Kanbach (bkanbach), you are welcome to add more comments there.

** Bug watch added: github.com/ArcticaProject/arctica-greeter/issues #28
   https://github.com/ArcticaProject/arctica-greeter/issues/28

** Bug watch added: github.com/canonical/lightdm/issues #214
   https://github.com/canonical/lightdm/issues/214



[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2021-10-22 Thread Norbert
Lightdm - https://github.com/canonical/lightdm/issues/214 .



[Desktop-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2021-10-21 Thread Seth Arnold
Your daughter does good work :)

Thanks

** Information type changed from Private Security to Public Security
