With 2 monitors, after suspending, it is possible to skip the password

Bug #1368427 reported by Gabriel Salles Rousseau Guedes
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Unity
Fix Released
Critical
Marco Trevisan (Treviño)
7.2
Fix Released
Critical
Marco Trevisan (Treviño)
unity (Ubuntu)
Fix Released
Critical
Marco Trevisan (Treviño)
Nominated for Trusty by Marco Trevisan (Treviño)

Bug Description

Having a notebook with an extra monitor, after suspending the session, it is possible to skip the password.
My external monitor is connected through VGA, and I am able to reproduce this bug around 70-80% of the time (I don't know if it happens with an HDMI cable).
If I try to reproduce and the bug does not happen, I need to reboot the notebook so it can happen again.
I tried with different resolutions and "rotations" for the monitor and the bug still happens.
The external monitor needs to be configured to be on the left of the notebook, or the bug will not happen.

It is so many steps to make it happen, that I made a short video explaining.

https://www.youtube.com/watch?v=FYzz32K6q10

ps.; The video is "unlisted", so only with the link is accessible.

Description: Ubuntu 14.04.1 LTS
Release: 14.04

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: gnome-screensaver 3.6.1-0ubuntu13
ProcVersionSignature: Ubuntu 3.13.0-36.63-generic 3.13.11.6
Uname: Linux 3.13.0-36-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.4
Architecture: amd64
CurrentDesktop: Unity
Date: Thu Sep 11 17:49:57 2014
GnomeSessionIdleInhibited: No
GnomeSessionInhibitors: None
GsettingsGnomeSession:
 org.gnome.desktop.session session-name 'ubuntu'
 org.gnome.desktop.session idle-delay uint32 1800
InstallationDate: Installed on 2014-04-12 (152 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140411)
SourcePackage: gnome-screensaver
Symptom: security
Title: Screen locking issue
UpgradeStatus: No upgrade log present (probably fresh install)

Related branches

Revision history for this message
Gabriel Salles Rousseau Guedes (gabrielsalles-rg) wrote :
Revision history for this message
Marco Trevisan (Treviño) (3v1n0) wrote :

Thanks for the detailed test case, we'll get a solution ASAP.

affects: gnome-screensaver (Ubuntu) → unity (Ubuntu)
Changed in unity:
status: New → Triaged
Changed in unity (Ubuntu):
status: New → Triaged
Changed in unity:
importance: Undecided → Critical
Changed in unity (Ubuntu):
importance: Undecided → Critical
Changed in unity:
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
Changed in unity (Ubuntu):
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
Changed in unity:
milestone: none → 7.3.1
Changed in unity:
status: Triaged → In Progress
Changed in unity (Ubuntu):
status: Triaged → In Progress
Changed in unity:
status: In Progress → Fix Committed
Changed in unity (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Marco Trevisan (Treviño) (3v1n0) wrote :

Hi Gabriel,

The fix has been just backported to ubuntu Trusty proposed channel (debs at http://launchpad.net/ubuntu/+source/unity/7.2.4+14.04.20141217-0ubuntu1), can you please enable that repo (https://wiki.ubuntu.com/Testing/EnableProposed), and verify that this bug has been fixed?

Thanks!

Revision history for this message
Gabriel Salles Rousseau Guedes (gabrielsalles-rg) wrote :

Hello!

I tried yesterday night and with more effort this morning to reproduce this bug, but for me the bug is fixed (which is partially sad, because I was using as a feature when I didn't want to type the password =P).

Nice job, Marco!
Thanks! =]

Revision history for this message
Marco Trevisan (Treviño) (3v1n0) wrote :

Ahah.. LOL, now you're making me feeling sad cause I removed your loved secret feature... :P

Thanks for your testing!

tags: added: verification-done
Stephen M. Webb (bregma)
information type: Private Security → Public Security
Revision history for this message
Chris J Arges (arges) wrote : Update Released

The verification of the Stable Release Update for unity has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Stephen M. Webb (bregma)
Changed in unity:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.