Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#40259 - [mate-session-manager] user-switch does not lock (security issue)
Attached to Project:
Community Packages
Opened by René Herman (rene) - Wednesday, 07 May 2014, 17:44 GMT
Last edited by Balló György (City-busz) - Friday, 16 May 2014, 11:47 GMT
Opened by René Herman (rene) - Wednesday, 07 May 2014, 17:44 GMT
Last edited by Balló György (City-busz) - Friday, 16 May 2014, 11:47 GMT
|
DetailsDescription:
NB: I'm filing this against mate-session-manager (1.8.1-2) since I believe that is the right component, but a general MATE maintainer may know better. On the MATE forums, we are finding that on both Arch Linux and Fedora -- but not Gentoo -- switching user from the MATE logout-dialog ("System | Log out <user>") does not lock the desktop of the user that is being switched away from. The discussion is here: http://forums.mate-desktop.org/viewtopic.php?f=2&t=3043&sid=2a340e59639636086c65fe906948c441 This can be a fairly serious security issue on a multi-user machine, where user A will generally not realise that a user B that he switched away for only needs to VT-switch to A's VT to get to A's fully unlocked desktop. Originally I wasn't sure if it was LightDM or MATE, or maybe even by design, but it is by now confirmed that this does not generally happen. Not with LightDM+2xMATE on Gentoo, and not with LightDM+2xCinnamon on Fedora, but that it does happen on Arch Linux and on Fedora when the session that is being switched away from is MATE. As such, it seems that the MATE user-switch path is missing a necessary lock call. I should at this point note that this has always been the same with LXDM+Xfce which I used previously. There, I was aware of the issue and had disabled VT switching in X -- which makes it somewhat less of a problem but doesn't solve it. I could also swear I had tested this to no longer be neccesary after switching to LightDM+MATE but it certainly is again now and I would not know what I could've changed myself. Also, as noted, this happens on Fedora as well and might even be a generic DBus issue I guess, where Gentoo does *something* different at that level that makes this problem not appear there. User "Nice&Gently" in the MATE discussion (the/a Fedora MATE developper) posted an explicit 5-step recipe to reproduce as the 4th reply in that disccusion. I was in discussion with him asked to file this here, and he will be pursueing the Fedora side of things, with a link to the report here. I have little time to spend, but can generally test... Additional info: mate-session-manager 1.8.1-2 mate-panel 1.8.0-3 dbus 1.8.0-1 Steps to reproduce: Paste from Nice&Gently in the MATE discussion: === Full steps to reproduce: 1. login from lightdm to mate session 1 2. use the logout dialog to switch to another user account 3. login as another user to a second mate session 2 4. switch with crtl-alt-f1 from session 2 to session 1 5. switch back with crtl-alt-f2 from session 1 to session 2 for step 4 and 5 i don't need a password to switch the user account. === |
This task depends upon
Could you confirm something? I suppose you are using LightDM -- does this also work more than one time for you?
That is: I just "reset" my system as far back to the newly-installed state as I could think of. Completely (arch-)default LightDM config, no "accountsservice" installed, default stock Arch kernel. I log in user "rene" (to a MATE session), switch from its logout-dialog (System | Log Out rene...) to another user "otheruser" and while in otheruser's MATE desktop, hit Ctrl-Alt-F1.
I now get a mate-screensaver lock-sceen -- but only once. That is, once I now unlock rene's desktop with the password, I can hit Ctrl-Alt-F2/F1 to switch between the two user's desktops without any lock-screen appearing.
I didn't get that lock-screen even once before resetting stuff as per the above, so it seems there might be something pretty involved diagnosis-wise going on. Can you confirm that you in your case get that lock screen always and not just once? And if you are using a standard or custom kernel, LightDM, accountservice, any non-default LightDM config, ..., anything else you can think of?
$ gsettings set org.mate.screensaver lock-enabled true
It's normal, when you switch back with Ctrl+Alt+F1, and unlock the first session, then you can switch between the sessions with Ctrl+Alt+F1/F2 without typing the password. You should lock them again with Ctrl+Alt+L before hit Ctrl+Alt+F2 if you want to protect them.
I'm running LightDM with `accounts-daemon.service` enabled and running. I followed the steps to reproduce but was presented with a login dialogue when swtiching from session 2 to session 1, switching back from the locked sessiosn1 to the current session 2 didn't present a login dialogue which is correct since I had locked or switched away from that sessiosn.
You describe the following:
"I now get a mate-screensaver lock-sceen -- but only once. That is, once I now unlock rene's desktop with the password, I can hit Ctrl-Alt-F2/F1 to switch between the two user's desktops without any lock-screen appearing."
That is the intended behaviour as you have not switched away from, nor locked, a session. Until you switch away from or lock the a session or the screen lock timeout is reached you will be able to freely switch between the sessions without seeing a login dialogue.
If you are sure that something is screwy, then please report this problem to the upstream project:
https://github.com/mate-desktop/mate-session-manager/issues