Ubuntu 14.04 security problem in the lock screen

2014.04.27
Credit: Robert
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

So both the linked branches built in silo 8, and when I tested it, this is what I found: 1. start unity 2. open terminal (Ctrl+alt+T) 3. type 'sleep 15 && killall -9 compiz' 4. lock screen observe: screen locks, then unity crashes, then unity restarts locked. so far so good. 5. issue the same command in the terminal again 6. lock the screen again observe: screen locks, then unity crashes... and doesn't come back. I'm told this is not a regression (eg it's known that unity does not restart after the first crash) however this is significant because when unity does not restart, that terminal just stays open right there, and while it doesn't respond to keyboard input, it does respond to mouse input, so it's possible to issue commands as the logged-in user by copy & pasting (eg, select some text, right click -> copy, right click -> paste). So if I'm an attacker and I'm in a position to trigger a crash in compiz, the whole "restarting locked" thing seems kind of weak, because all I have to do is crash compiz... twice. Granted the unity-free UI is quite limited, maybe there's a browser open and I can access the user's email, or whatever. it's still an attack vector.

References:

https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572
http://seclists.org/oss-sec/2014/q2/179


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top