*** This bug is a security vulnerability ***

Public security bug reported:

Since upgrading to GNOME 3.20 on Ubuntu GNOME 16.04 I have noticed
something rather worrying which has occurred twice so far. This is what
I have observed:

1. After opening my laptop lid the screen either goes black or displays
a frozen state of the shield opening or something similar

2. Then it suddenly shows Firefox (the last window I had open, though I
did minimize it before suspending my machine by closing the laptop lid)
and actually allows me to use my mouse to interact with it by going to a
new tab, or really anything I want. I haven't tried to see if I am able
to type in this state yet or not, but I will update this report the next
time I manage to test it out. This is obviously a really bad thing for
security as for at least 20 long seconds (each time it occurs it seems
to last longer) it logs you straight back in and bypasses the login
screen, though for some reason the title part of the window and
everything above that are completely black as if someone just put a big
black box over them.

3. I then suddenly see black and no Firefox (this black only lasts for a
short period though), then I see what I see when I would normally log in
for the first time (my background image coming in with that getting
larger image with the top bar at the top of it), and then it's back to
the normal locked screen as it should be.

The sequence of events (what I see on my screen) seems to vary between
occasions, but the ability to interact with my machine without having to
log in stays even though it at some point does register that it should
really be taking me to the locked screen. And I have checked and if I
for instance open a new tab and go to one of my bookmarks in Firefox
during this strange bypassing period, when I properly log back in again
(and find Firefox minimized as I left it) I find that that tab is still
open so the changes are real and lasting.

** Affects: gnome-shell
     Importance: Unknown
         Status: Unknown

** Affects: ubuntu-gnome
     Importance: Undecided
         Status: New

** Affects: gnome-shell (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: xenial

** Information type changed from Public to Public Security

** Also affects: gnome-shell (Ubuntu)
   Importance: Undecided
       Status: New

** Bug watch added: GNOME Bug Tracker #767180
   https://bugzilla.gnome.org/show_bug.cgi?id=767180

** Also affects: gnome-shell via
   https://bugzilla.gnome.org/show_bug.cgi?id=767180
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1588521

Title:
  Login screen bypassed for at least 20 seconds after awakening machine
  from suspend
