Sorry for the late reply on this issue. I only saw it a few days ago.
I've spoken with the Arctica greeter developer and we've been working on
a fix.

The issue is this: Arctica Greeter requires a window manager and it
invokes Marco, the window manager from MATE Desktop. Marco handles
keybindings and by default has a number predefined. Ubuntu MATE adds a
few more. This is why you are able to invoke applications bound to
keybindings in Marco from Arctica Greeter.

The proposed solution is to add a patch to Marco so that it can be
invoked with keybindings disabled and then patch Arctica Greeter to
invoke Marco with the argument to disable its keybindings.

I will start preparing patched versions of Marco and Arctica Greeter in a
PPA for testing/validation.

** Changed in: arctica-greeter (Ubuntu)
       Status: New => Triaged

** Changed in: lightdm (Ubuntu)
       Status: New => Invalid

** Changed in: mate-settings-daemon (Ubuntu)
       Status: New => Invalid

** Also affects: marco (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: marco (Ubuntu)
       Status: New => Triaged

** Changed in: arctica-greeter (Ubuntu)
   Importance: Undecided => Critical

** Changed in: arctica-greeter (Ubuntu)
     Assignee: (unassigned) => Martin Wimpress  (flexiondotorg)

** Changed in: marco (Ubuntu)
   Importance: Undecided => Critical

** Changed in: marco (Ubuntu)
     Assignee: (unassigned) => Martin Wimpress  (flexiondotorg)

** No longer affects: ubuntu-mate

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1948339

Title:
  Logon screen can be bypassed using various shortcuts

Status in arctica-greeter package in Ubuntu:
  Triaged
Status in lightdm package in Ubuntu:
  Invalid
Status in marco package in Ubuntu:
  Triaged
Status in mate-settings-daemon package in Ubuntu:
  Invalid

Bug description:
  Hi,

  my little daughter discovered a logon screen bypass in Ubuntu Mate
  21.10 after hitting the keyboard for a while.

  It turns out that several keyboard shortcuts are allowed while Ubuntu
  Mate is locked (arctica-greeter):

  - Mod4 + S (mate-search-tool)
  - Mod4 + E (Open Caja / File Explorer)
  - CTRL + Shift + Esc (mate-system-monitor)
  - PRNT (Screenshot)

  All of the mentioned shortcuts could be used to spawn a file explorer
  (Caja) or various other binaries as user "lightdm", who owns the logon
  screen.

  Although an interactive terminal like mate-terminal, xterm, lxterm
  etc. could not be opened directly, there are various options to run
  commands as the lightdm user, for example by creating a shell script
  using "caja", and executing it directly using the GUI.

  I've attached Proof-of-Concept GIFs for all shortcuts mentioned above.
  There might be additional shortcuts that could be used to achieve the
  same, however I'm not aware of every shortcut that is configured,
  but I suppose that the root cause is located somewhere in
  arctica-greeter, rather than within every single binary launched by shortcuts.

  The bug was reproduced on a fresh installation of Ubuntu Mate 21.10. I
  haven't tested other versions of Ubuntu Mate yet.

  Please find additional version details below:

  $ apt-cache policy lightdm

  lightdm:
    Installed: 1.30.0-0ubuntu4
    Candidate: 1.30.0-0ubuntu4
    Version table:
   *** 1.30.0-0ubuntu4 500
          500 http://de.archive.ubuntu.com/ubuntu impish/universe amd64 Packages
          100 /var/lib/dpkg/status

  $ apt-cache policy arctica-greeter

  arctica-greeter:
    Installed: 0.99.1.5-2nmu1
    Candidate: 0.99.1.5-2nmu1
    Version table:
   *** 0.99.1.5-2nmu1 500
          500 http://de.archive.ubuntu.com/ubuntu impish/universe amd64 Packages
          100 /var/lib/dpkg/status

  Thanks,
  Basti
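
A detection check for the behaviour reported above, added here as an example and not part of the bug report or of any Ubuntu package: it flags processes owned by the greeter account whose name matches a program the report saw launched from the locked screen. The function names, the `mate-screenshot` binary name (the report only says "Screenshot") and the sample process list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag processes owned by the greeter account ("lightdm" in the
# report) that match programs the report saw launched from the locked screen.
# The report notes other shortcuts may exist, so WATCH is not exhaustive.
GREETER_USER="${GREETER_USER:-lightdm}"
# mate-screenshot is an assumption: the report only says "Screenshot".
WATCH="${WATCH:-caja mate-search-tool mate-system-monitor mate-screenshot}"

# Reads "USER PID COMM" lines on stdin, prints "PID COMM" for each hit.
# Linux truncates the comm field to 15 characters, so each watched name is
# compared after the same truncation ("mate-search-tool" -> "mate-search-too").
flag_greeter_children() {
    awk -v user="$GREETER_USER" -v watch="$WATCH" '
        BEGIN {
            n = split(watch, names, " ")
            for (i = 1; i <= n; i++) hit[substr(names[i], 1, 15)] = 1
        }
        $1 == user && (substr($3, 1, 15) in hit) { print $2, $3 }
    '
}

# Constructed sample input (not taken from the reporter's system).
sample_ps() {
    cat <<'EOF'
root 812 lightdm
lightdm 1450 arctica-greeter
lightdm 1462 marco
lightdm 1731 caja
lightdm 1745 mate-search-too
lightdm 1760 mate-system-mon
alice 2210 caja
EOF
}

# Live use: ps -eo user=,pid=,comm= | flag_greeter_children
if [ "${1:-}" = "--demo" ]; then
    sample_ps | flag_greeter_children
fi
```

Any output on a live system means a watched program is running as the greeter user, which should not happen while only the login or lock screen is in use.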
