Dock and top bar accessible from lockscreen
Affected version
- Ubuntu 20.04
- 3.36.2-1ubuntu1~20.04.1
- XOrg
Bug summary
Daniel van Vugt (vanvugt) over at Ubuntu Launchpad asked me to file this bug report here. You can find the conversation with screenshots and many more details here: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1882353
I can't replicate this issue reliably. It happened "at random" and it didn't happen again since I filed this report. It's just that it wasn't the first time it happened and I saw others have similar issues. That is why I reported it.
When I lock my desktop with SUPER (windows) + L my screen gets locked and goes to black. Sometimes when I return to my PC and move my mouse to turn my screen back on I notice that the Ubuntu Dock + the Top Bar are accessible from the lockscreen.
I unfortunately can't remember if they were accessible from the moment I locked the screen or became accessible after returning from fade to black. (This is not the first time this issue happened.)
I was able to open the settings menu from the top bar and use all indicators. You can actually start the programs in the Ubuntu Dock and give keyboard inputs to them. For example I was able to start the terminal emulator from the lock screen and run firefox and other applications. So an attacker could run arbitrary commands with user privileges from the lockscreen!
The indicators drop down menus were fully visible on the lock screen while the Dock applications remained hidden "behind" the lockscreen (however still accessible via keyboard as described above).
Steps to reproduce
- Lock the screen with Super.
- Let the screen fade to black.
- Return to the screen and move mouse courser to resume from fade o black.
- Dock and top are now visible and can be interacted with.
What happened
Dock and top bar are visible and accessible without entering a password.
What did you expect to happen
Dock and top bar are neither visible nor accessible until the correct password is provided.
Relevant logs, screenshots, screencasts etc.
Please see https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1882353