*** This bug is a security vulnerability ***
Public security bug reported:
This has happened twice for me in Ubuntu GNOME 16.10:
- I close my laptop lid, making it suspend
- some time later I open the laptop
- I expect to see the lock screen; instead I see my desktop session
- desktop is not responsive for a couple of seconds, then there's the zooming
animation you get when you restart gnome-shell
- a couple of minutes later Apport pops up a dialog telling me that gnome-shell
received signal 11 and died, but the problem is "unreportable" because a couple
of unrelated packages (e.g. gnome-control-center) aren't up to date
This bug is about the fact that a segfault in gnome-shell leaves the
desktop session unlocked. Previously, when gnome-shell crashed at the
login screen and was restarted, the new gnome-shell would also present a
lock screen, leaving just a tiny window of vulnerability that would let
someone see my desktop session but probably not enough time to type
anything into any of the applications.
I'm not sure yet how to make gnome-shell segfault on demand (I suspect
monitor hot-plugging/hot-unplugging might have something to do with it),
but if anyone figures it out, it would have serious security
implications.
ProblemType: Bug
DistroRelease: Ubuntu 16.10
Package: gnome-shell 3.20.4-0ubuntu1
ProcVersionSignature: Ubuntu 4.8.0-26.28-generic 4.8.0
Uname: Linux 4.8.0-26-generic x86_64
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
ApportVersion: 2.20.3-0ubuntu8
Architecture: amd64
CurrentDesktop: GNOME
Date: Fri Oct 28 16:44:56 2016
DisplayManager: gdm3
InstallationDate: Installed on 2016-09-10 (48 days ago)
InstallationMedia: Ubuntu-GNOME 16.04.1 LTS "Xenial Xerus" - Release amd64
(20160720)
SourcePackage: gnome-shell
UpgradeStatus: Upgraded to yakkety on 2016-10-15 (12 days ago)
** Affects: gnome-shell (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug yakkety
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1637519
Title:
gnome-shell segfaults on resume, leaving my session unlocked
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1637519/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
