[Bug 1777415] Re: Local authorization bypass by using suspend mode

2019-02-12 Thread Steve Langasek
Which files, when missing, cause this to happen? Can you provide strace output of the failing process? This seems unlikely to be due to PAM, which has fairly well exercised error handling and is designed to fail closed; but it's possible there is a bug in the configuration of PAM for one or more

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2019-01-29 Thread Nicolas Göddel
> Jonathan Polak (jpolak) wrote on 2018-07-09:
> I confirm it affects Mate 18.04 as well.
>
> Moreover, a new bug on mate 18.04, plugging in an HDMI screen upon receiving the lockscreen, sometimes allows you to bypass it completely.

I have known this bug for years. When setting my Thinkpad on t

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2018-07-28 Thread Jarno Suni
Is this bug affecting gnome-screensaver and mate-screensaver only? light-locker is a fork of gnome-screensaver, too, but I could not reproduce the bug in Xubuntu using light-locker. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https:/

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2018-07-20 Thread Seth Arnold
Jarno, sorry, that was a typo on my part. It looks like mate's screenlocker is mate-screensaver. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1777415 Title: Local authorization bypass by us

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2018-07-20 Thread Jarno Suni
Seth, what do you mean by Xfce's screenlocking package? Ubuntu Mate 18.04 does not contain the light-locker package by default: http://cdimage.ubuntu.com/ubuntu-mate/releases/18.04/release/ubuntu-mate-18.04-desktop-amd64.manifest What is the screenlocking package for Mate?

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2018-07-17 Thread Brian Murray
** Tags added: xenial

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2018-07-11 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: pam (Ubuntu) Status: New => Confirmed

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2018-07-11 Thread ras
Markus Laire, Yes, the bug is exploitable even with full disk encryption. Among other things, if there's an open instant messaging app, an attacker can send a message which would appear as if it was sent by the authenticated user.

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2018-07-10 Thread Marc Deslauriers
** Also affects: pam (Ubuntu) Importance: Undecided Status: New

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2018-07-10 Thread Markus Laire
"... having physical access means an attacker could simply access the hard disk directly or replace the password on it ..." Does this bug work when using full disk encryption? If yes, then ABOVE QUOTE IS WRONG since having physical access does NOT mean having access to hard disk contents if hard d

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2018-07-10 Thread Yuriy Bosov
This bug has been tested on:
* Ubuntu 14.04
* Ubuntu 16.04
* Ubuntu 16.10
* Ubuntu 17.04

All of them are affected.

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2018-07-10 Thread Compinfer
The system must not give access to the system with wrong passwords, in any case! Dear Ubuntu developers, please pay attention. Don't ignore the issue.

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2018-07-09 Thread Seth Arnold
Jonathan, please file a new bug against xfce's screenlocking package with instructions for reproducing, hopefully someone will know how to address it. Paul, this issue is likely to affect far more than just Ubuntu, programmers are in general not expecting IO errors at every syscall interface. Tha

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2018-07-09 Thread Jonathan Polak
I confirm it affects Mate 18.04 as well. Moreover, a new bug on mate 18.04, plugging in an HDMI screen upon receiving the lockscreen, sometimes allows you to bypass it completely.

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2018-07-09 Thread Paul Hill
Is this just affecting Ubuntu 16.04.4 or all Linux distros and all Ubuntu versions?

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2018-07-09 Thread George Shuklin
If this bug is the result of errors on the filesystem, it can manifest itself due to hardware failure. If the system grants access to user data because of a minor filesystem malfunction, it's a problem. I believe that the screensaver should handle exceptions in the underlying libraries in such a way to prevent un

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2018-07-09 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: unity (Ubuntu) Status: New => Confirmed

[Bug 1777415] Re: Local authorization bypass by using suspend mode

2018-07-09 Thread Yuriy Bosov
** Information type changed from Private Security to Public Security