Hi all,
thanks a lot, I upgraded to MATE 22.04 and could confirm that marco is
no longer recognising its keybindings.
---
However I discovered a second issue some minutes ago:
I installed MATE 22.04 on another system with some special keys on the
keyboard and one of the keys (Fn + F9) on the
This bug was fixed in the package marco - 1.26.0-3ubuntu1
---
marco (1.26.0-3ubuntu1) jammy; urgency=medium
* debian/patches:
+ Add 1000_add-no-keybindings.patch (LP: #1948339)
-- Martin Wimpress Tue, 12 Apr 2022 10:28:18 +0100
** Changed in: marco (Ubuntu)
Status:
This bug was fixed in the package arctica-greeter - 0.99.1.5-2nmu3
---
arctica-greeter (0.99.1.5-2nmu3) jammy; urgency=medium
* debian/patches:
+ Add 2002_shutdown-dialog-font.patch. (LP: #1916770)
* debian/control:
+ Version Recommends: marco (>= 1.26.0-3~) (LP:
@bkanbach I can version marco Recommends ensuring both packages update
in lockstep. I have spoken to the Ubuntu Security team and they will
handle the CVE assignment.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
** Changed in: arctica-greeter (Ubuntu)
Status: In Progress => Fix Committed
** Changed in: marco (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
That sounds great, thank you very much. I guess it's an optimal way to
keep the marco look-and-feel and have it invoked securely at the same
time.
Could there be a scenario where arctica-greeter is upgraded on a system
but marco is not? (e.g. arctica-greeter invoking "marco --no-
keybindings"
** Changed in: arctica-greeter (Ubuntu)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1948339
Title:
Logon screen can be bypassed using various
** Changed in: marco (Ubuntu)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1948339
Title:
Logon screen can be bypassed using various shortcuts
To
Sorry for the late reply on this issue. I only saw it a few days ago.
I've spoken with the Arctica greeter developer and we've been working on
a fix.
The issue is this, Arctica Greeter requires a window manager and it
invokes Marco, the window manager from MATE Desktop. Marco handles
keybindings
Exactly, so at the moment only the following are affected:
- impish
- jammy
I've added a few comments to the arctica-greeter repo and issued a pull
request that basically reverts the commit that introduced the weakness.
However this still needs to be reviewed by the maintainers
--
You
hirsute (21.04) is EOL, but Thank you for your research @Bastian
** Tags removed: hirsute
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1948339
Title:
Logon screen can be bypassed using
Hi all,
narrowed it down and found out that arctica-greeter is invoking "marco"
to make handling of windows opened by some of the indicators easier.
However marco listens for any keybindings and that's the reason why
keybindings are working on the logon screen.
The affected code path was
** Tags removed: groovy
** Tags added: jammy
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1948339
Title:
Logon screen can be bypassed using various shortcuts
To manage notifications about
Thanks :)
I haven't registered a CVE yet and I'm waiting for final confirmation
which components are causing the described issue. Happy to contribute
to the ArcticaProject issue tracker directly.
As you also mentioned I can confirm that the affected arctica-greeter
version is present in the
Upstream is now informed via
https://github.com/ArcticaProject/arctica-greeter/issues/28 . I cited this bug
there.
Bastian Kanbach (bkanbach), you are welcome to add more comments there.
** Bug watch added: github.com/ArcticaProject/arctica-greeter/issues #28
Lightdm - https://github.com/canonical/lightdm/issues/214 .
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1948339
Title:
Logon screen can be bypassed using various shortcuts
To manage
Your daughter does good work :)
Thanks
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1948339
Title:
Logon screen can be
17 matches
Mail list logo