Public bug reported:

When the screen is locked while an action causes a window to gain focus,
it allows full keyboard interaction with the locked session. I was able
to trigger this behaviour by doing one of the following:

* Changing to a desktop with at least one window on it and, without releasing
  Ctrl+Alt, pressing L to lock the screen
* While dragging a window, lock the screen using the keyboard shortcut
* While Alt+Tab-ing, lock the screen without releasing the Alt key

In all cases, a window can gain focus after the screen was locked and all 
keyboard input goes to that window. Also, the window switcher remains fully 
functional and even shows the window previews like it would normally. It's even 
possible to open applications using keyboard shortcuts, for example a terminal.
To enter the password and unlock the session, the password field needs to be 
focused by opening and closing an indicator in the lockscreen and then clicking 
the password field.

While most of these actions aren't something a normal user would do,
they clearly show that the new lockscreen is far less secure than the
old one. The first trigger action is even something I've done in the
past during normal use, switching to a desktop and then locking the
session, so I would say there is at least a small "real" security risk
in this.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: unity 7.1.2+14.04.20140311-0ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-17.37-generic 3.13.6
Uname: Linux 3.13.0-17-generic x86_64
ApportVersion: 2.13.3-0ubuntu1
Architecture: amd64
CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
CurrentDesktop: Unity
Date: Wed Mar 12 18:36:09 2014
InstallationDate: Installed on 2014-02-24 (16 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140223)
SourcePackage: unity
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: unity (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug lockscreen trusty

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1291547

Title:
  Locking the screen doesn't really lock under certain circumstances
