*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Marc Deslauriers
(mdeslaur):
Binary package hint: gdm
00[ Environment - two user accounts open. Switching between the accounts
is being done using the gnome-panel applet identified as "Log Out" (it
has a default icon of a white portrait with an orange hand)
01] The switcher displays clearly and in full focus the desktop and open
windows of the target (the account TO which the switch was requested)
02] After slightly less than a full second, the screen changes to black,
with the correct (if cosmetically quite ugly) authentification screen.
WHAT I EXPECTED TO HAPPEN: not to get a an unauthorized glimpse at the
potentially private desktop and open windows of another user, without
any authentification. I suppose James Bond might have a sneaky camera
hidden in his cell phone to photograph or video the event and squeal to
the Brits. Then where would we all be?
But seriously, it is a security compromise, and the duration might
variable, or possibly be able to modified to be variable.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: gdm 2.30.2.is.2.30.0-0ubuntu3 [modified:
usr/share/gdm/gdm-greeter-login-window.ui]
ProcVersionSignature: Ubuntu 2.6.32-24.39-hostname 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-generic i686
Architecture: i386
Date: Mon Aug 16 01:26:39 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
ProcEnviron:
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: gdm
** Affects: gdm (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport-bug i386 lucid
--
gdm user switcher allows desktop preview w/o passwd
https://bugs.edge.launchpad.net/bugs/618517
You received this bug notification because you are a member of Ubuntu Bugs,
which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
