[Bug 1777415] Re: Local authorization bypass by using suspend mode

[Nicolas Göddel]

> Jonathan Polak (jpolak) wrote on 2018-07-09: 
> I confirm it affects Mate 18.04 as well.
> 
> Moreover, a new bug on mate 18.04, plugging in an HDMI screen upon receiving the lockscreen,
> sometimes allows you to bypass it completely.

I know this bug since years. When setting my Thinkpad on the
Dockingstation while it was sleeping it sometimes happens that the
gnome-shell just starts without asking for a password. And I don't even
have to extract the harddisk. I remember some guys of the ubuntu
community told me years ago that's a known issue with Xorg and gnome-
shell. I did not file a bug or was looking for a known bug because it
happened very seldom but the bug persisted many years and I don't know
if it was fixed until now for sure.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1777415

Title:
  Local authorization bypass by using suspend mode

Status in Unity:
  New
Status in pam package in Ubuntu:
  Confirmed
Status in unity package in Ubuntu:
  Confirmed

Bug description:
  Version: Ubuntu 16.04.04 LTS Desktop, all packets are updated at 15.06.2018
  Affects: access to latest user opened applications, that can contain sensitive information (documents, private information, passwords, etc.)
  How to reproduce:
  1. open some applications (LibreOffice, browsers, editors, ...)
  2. go to suspend mode
  3. extract hard drive
  4. wake up
  5. after that can be several behaviors:
   * Ubuntu show lock screen. Enter ANY password -> access granted.
   * Ubuntu show lock screen. Enter ANY password, access denied. Fast press the hardware shutdown button -> access granted.
   * Ubuntu does not show lock screen, only black screen. We can repeat actions like in previous paragraphs

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1777415/+subscriptions