*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
This is a very serious security issue:
When I lock my desktop with SUPER (windows) + L my screen gets locked
and goes to black. Sometimes when I return to my PC and move my mouse to
turn my screen back on I notice that the Ubuntu Dock + the Top Bar are
accessible from the lockscreen.
I unfortunately can't remember if they were accessible from the moment I
locked the screen or became accessible after returning from fade to
black. (This is not the first time this issue happened.)
I was able to open the settings menu from the top bar and use all
indicators. You can actually start the programs in the Ubuntu Dock and
give keyboard inputs to them. For example I was able to start the
terminal emulator from the lock screen and run firefox and other
applications. So an attacker could run arbitrary commands with user
privileges from the lockscreen!
The indicators drop down menus were fully visible on the lock screen
while the Dock applications remained hidden "behind" the lockscreen
(however still accessible via keyboard as described above).
I have attached a screenshot of the bug. I unfortunately had no camera
at hand to film me running terminal commands.
Please contact me if you need additional information.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: gnome-shell-extension-ubuntu-dock 67ubuntu20.04.5
ProcVersionSignature: Ubuntu 5.4.0-33.37-generic 5.4.34
Uname: Linux 5.4.0-33-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.11-0ubuntu27.2
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: ubuntu:GNOME
Date: Sat Jun 6 13:35:28 2020
InstallationDate: Installed on 2015-12-22 (1627 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
PackageArchitecture: all
SourcePackage: gnome-shell-extension-ubuntu-dock
UpgradeStatus: Upgraded to focal on 2020-04-25 (42 days ago)
modified.conffile..etc.default.apport: [modified]
mtime.conffile..etc.default.apport: 2015-12-23T12:07:53.769719
** Affects: gnome-shell-extension-ubuntu-dock (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug focal
--
Ubuntu Dock and Top bar accessible from lockscreen
https://bugs.launchpad.net/bugs/1882353
You received this bug notification because you are a member of Ubuntu Bugs,
which is subscribed to the bug report.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
