Attached debdiff between trusty-updates and SRU. ** Description changed:
- Hi, + [Impact and Test Case] Steps to reproduce: 1 - Lock the screen 2 - From the lockscreen, tell the computer to shut down / restart Expected behavior: * Session programs are closed while the screen is still locked * During shutdown, no user interaction is possible Observed behavior: * The lockscreen is gone immediately, with the rest of compiz (e.g. window decorations are not present) * But it's possible to interact with programs that are still running in the session for about 3 seconds Observed on an updated Trusty machine, running unity version 7.2.2+14.04.20140714-0ubuntu1.1 I consider this bug a security vulnerability because during those 3 seconds it could be possible to access and interact with sensitive information. Yes, it's short, but you could take a picture or even rm -rf / if there happened to be a root console available. + + [Regression Potential] + + An improper implementation of the fix for this issue could result in an + indefinite hang during system shutdown, or could result in the problem + not being completely fixed and the security vulnerability continuing. + + Neither appear to be the case. + + [ Other Info ] + + The Ubuntu 14.04 LTS SRU has been cherry-picked from upstream Unity + where it has been in development-level production code in Ubuntu 'Vivid + Vervet' development release for a few months and has not display + additional problems. ** Patch added: "debdiff between unity_7.2.3+14.04.20140826-0ubuntu1 and unity_7.2.4+14.04.20141217-0ubuntu1" https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1370017/+attachment/4289404/+files/unity_7.2.4%2B14.04.20141217-0ubuntu1.debdiff ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1370017 Title: Unity Lockscreen shows unlocked desktop while shutting down To manage notifications about this bug go to: https://bugs.launchpad.net/unity/+bug/1370017/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
