Author Topic: Lock Screen insecure  (Read 6609 times)

Offline Partymack711

  • Newly Subscribed
  • *
  • Posts: 12
  • Karma: 0
  • New Forum User
    • View Profile
  • Peppermint version(s): 7
Lock Screen insecure
« on: December 15, 2016, 12:37:32 am »
Hi,

I'm using Pep 7 and have it set up that it prompts for a password on booting up.

When I put it in 'suspend' and later return Pep allows me unrestricted access to my desktop for about 3 seconds, then locks out the desktop and requires password to access.

This is a very annoying and worrying lack of security, particularly as I use my laptop in open office.

This is surely a bug - is there a way I can ensure locked means locked?

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Lock Screen insecure
« Reply #1 on: December 15, 2016, 03:39:47 am »
I'm not sure it's supposed to lock at all after suspend (?)

Would you like to try either a different powermanager .. which may or may not be the cause (if anything is locking the screen after suspend it would be the power manager)

or

changing from i3lock to something like light-locker

?
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 2180
  • Karma: 457
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8, 9
Re: Lock Screen insecure
« Reply #2 on: December 15, 2016, 05:44:17 am »
Confirming that it does screenlock after suspend as default behaviour, and depending on system speed there is a slight delay before the screenlock kicks in.

Offline Partymack711

Re: Lock Screen insecure
« Reply #3 on: December 16, 2016, 02:02:10 am »
Thanks PC/Murray,

To me this seems like a bug - the 'lock' screen isn't effective if it lets people compromise the 'lock'.

Could it really be dependent on system speed? Surely if it wakes from suspend it should just wake on lock. The fact it takes 2 - 5 seconds seems bizarre.

I'm struggling to see the point of the lock screen if it's not secure.

Offline murraymint

Re: Lock Screen insecure
« Reply #4 on: December 16, 2016, 04:04:47 am »
It's definitely a second or less on this Core i5 laptop so it must depend on speed. Ideally it would lock before suspending, not after waking. Didn't Peppermint 6 use to work that way?

My typing speed is pretty good but even I'd struggle to do much hacking of your PC in one to three seconds before I got locked out. If you mean security of people viewing your documents, you could minimise them. I agree it's not an ideal situation but I don't see it as a massive risk either...

Offline emegra

  • Administrator
  • Veteran
  • *****
  • Posts: 1946
  • Karma: 450
  • New Forum User
    • View Profile
  • Peppermint version(s): Peppermint 10 64bit
Re: Lock Screen insecure
« Reply #5 on: December 16, 2016, 04:06:36 am »
Hi Partymack

Looks like this may be a bug, you're certainly not the first to notice it

https://bugs.launchpad.net/ubuntu/+source/unity-2d/+bug/830348

Although according to this page there's a reason for it

https://wiki.archlinux.org/index.php/I3


Quote
Note:

    sleep 1 adds a small delay to prevent possible race conditions with suspend [4]
    The -i argument for systemctl poweroff causes a shutdown even if other users are logged-in (this requires polkit), or when logind (wrongly) assumes so. [5]



Graeme
If you can keep your head while all around are losing theirs then you're not quite grasping the situation
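
The lock-before-suspend ordering raised in the replies above, as an added example that is not part of any post and not Peppermint's own script. `LOCK_CMD`, `VERIFY_CMD`, `SUSPEND_CMD` and `SETTLE_SECS` are names made up for this sketch; it assumes a locker that, like i3lock, returns only once the screen is locked.

```shell
#!/bin/sh
# Added example: engage the lock first, suspend only after it is confirmed.
# LOCK_CMD, VERIFY_CMD, SUSPEND_CMD and SETTLE_SECS are names made up for this
# sketch; override them to match the locker actually installed.

# i3lock forks to the background once the screen is locked (unless started
# with -n), so a zero exit status here means the lock is already in place.
LOCK_CMD=${LOCK_CMD:-"i3lock -c 000000"}
# Second check: a locker process must really exist before we suspend.
VERIFY_CMD=${VERIFY_CMD:-"pgrep -x i3lock"}
SUSPEND_CMD=${SUSPEND_CMD:-"systemctl suspend"}
# Short pause between lock and suspend, as in the quoted Arch wiki note.
SETTLE_SECS=${SETTLE_SECS:-1}

lock_then_suspend() {
    # Fail closed: a locker that could not start must block the suspend.
    if ! $LOCK_CMD; then
        echo "locker failed to start; not suspending" >&2
        return 1
    fi
    # Catch a locker that exited early or crashed right after starting.
    if ! $VERIFY_CMD >/dev/null 2>&1; then
        echo "no locker process found; not suspending" >&2
        return 2
    fi
    sleep "$SETTLE_SECS"
    $SUSPEND_CMD
}

# Run for real only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--run" ]; then
    lock_then_suspend
fi
```

Because the suspend is skipped whenever the lock cannot be confirmed, a broken locker shows up as a machine that refuses to sleep rather than one that resumes to an open desktop.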

Offline PCNetSpec

Re: Lock Screen insecure
« Reply #6 on: December 16, 2016, 06:03:50 pm »
How exactly are you guys entering "suspend" ?

When I go the Peppermint logout screen and choose suspend, my machine is locked BEFORE it goes into suspend.  :-\
(so is obviously still locked on resume)

Offline murraymint

Re: Lock Screen insecure
« Reply #7 on: December 17, 2016, 02:24:56 am »
Also from the logout menu. When I resume the menu is still visible, then the desktop, then it quickly blurs and the lock comes up.

Offline PCNetSpec

Re: Lock Screen insecure
« Reply #8 on: December 17, 2016, 02:51:35 am »
Okay let's be clear about this .. are you saying, when you go to suspend via the screen below your PC doesn't lock BEFORE going into suspend ?

For clarity - Mine VISIBLY locks the screen before going into suspend, so when it resumes the lock is still ON


Offline murraymint

Re: Lock Screen insecure
« Reply #9 on: December 17, 2016, 04:11:04 am »
Yes, exactly. I can't understand why mine and the OP's are working differently to yours.


Offline PCNetSpec

Re: Lock Screen insecure
« Reply #10 on: December 17, 2016, 05:16:10 am »
I'll try a vanilla install in case it's something I've changed on my system.....

[EDIT]

Ah, right on a vanilla install I'm seeing the same behaviour .. now I need to figure out what's different on the 2 PC's
« Last Edit: December 17, 2016, 05:19:03 am by PCNetSpec »

Offline PCNetSpec

Re: Lock Screen insecure
« Reply #11 on: December 17, 2016, 05:14:20 pm »
Try this...

Open a terminal and run:
Code: [Select]
sudo pluma /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml
when a BLANK file opens, make it read:-
Code: [Select]
<?xml version="1.0" encoding="UTF-8"?>

<channel name="xfce4-session" version="1.0">
  <property name="shutdown" type="empty">
    <property name="LockScreen" type="bool" value="true"/>
  </property>
</channel>
SAVE the file and exit pluma

Now run:
Code: [Select]
rm -v ~/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml
(don't worry if that last command fails, it just means the file wasn't already present .. just carry on below)

Now try entering suspend from the Peppermint logout dialog.

This time did you see it lock the screen BEFORE going into suspend ? .. and does it resume still locked ?

Offline murraymint

Re: Lock Screen insecure
« Reply #12 on: December 18, 2016, 04:53:39 am »
No, that didn't make any difference for me. I even rebooted and tried again just to make sure.

Offline PCNetSpec

Re: Lock Screen insecure
« Reply #13 on: December 18, 2016, 11:53:28 am »
Can we test something to see if it's just the i3lock-fancy script taking too long.

Run:
Code: [Select]
sudo pluma /usr/bin/lxlock
find the section:-
Code: [Select]
elif which i3lock >/dev/null; then
    /usr/lib/i3lock-fancy/i3lock-fancy
and change to
Code: [Select]
elif which i3lock >/dev/null; then
    i3lock -c 000000 -i /usr/share/peppermint/images/i3lock-bg-2.png -t
#    /usr/lib/i3lock-fancy/i3lock-fancy
SAVE the file, and test suspend/resume.

DO NOT REBOOT .. if you reboot, /usr/bin/lxlock will get replaced with the stock Peppermint version and you'll have to reapply the edit .. you can log off/on just NOT reboot.

For now I just wanna know if that puts the lock on before suspend (so it's on at resume) ?

Offline murraymint

Re: Lock Screen insecure
« Reply #14 on: December 18, 2016, 12:28:43 pm »
No, it doesn't. I get the same preview of the desktop on resume before the lattice background comes up.