[BUG] Lockscreen backdoor

pop-os / cosmic-epoch

Next generation Cosmic desktop environment

3.1k stars 82 forks source link

[BUG] Lockscreen backdoor #1214

Open LavaHeron opened 2 days ago

LavaHeron commented 2 days ago

Cosmic-files version: 0.1.0~1730233777~22.04~20f9292 (Pop!_OS 24.04 LTS - COSMIC Alpha 3)

Issue/Bug description: If you turn on the lock screen Super + Esc and then use the standby button. You have to wait until the system is in standby, then wake it up, and you are in an unlocked system. If I do this several times in a row, it leads to 100% usage of my RAM and the system crashes.

Steps to reproduce: Press Super + Esc (lock screen) > Press the standby button > Wait until the system is asleep > Wake it up > System is unlocked

Expected behavior: The lock screen remains locked after standby.

Other notes:

jokeyrhyme commented 2 days ago

When you say "standby button", do you mean your system hibernates or suspends?

Or are you talking about the button on your monitor?

LavaHeron commented 1 day ago

As soon as you are on the lock screen, the user and password field is displayed on the right and a clock is displayed on the left. Below that clock are 4 buttons. I mean the 4th button with the little crescent moon on it.

I'm not sure if the button triggers a sleep or a hibernation state.

I don't mean the physical button on the PC or the button on the monitor, but of course the monitor switches off/goes into standby too because there is no longer a signal coming from the PC. That's why I added the reference to cosmic-greeter#151.

jokeyrhyme commented 5 hours ago

Okay, it looks like in alpha 3 (on my system at least) that button is hardcoded to suspend, and doesn't auto-select hibernation as a fallback if suspend is disabled

So, I had to unlock, and then run systemctl hibernate in a terminal

I did see the cosmic-greeter lock screen take over immediately, then the screen turned off for a bit, then turned back on but nothing was responsive, then the entire system turned off

Then, when I booted, it correctly resumed from hibernation and cosmic-greeter was the first thing I saw after that, and I had to put in my passphrase to unlock

I wonder if some combination of cosmic-greeter and suspend/resume on your system is enough to change the way it behaves in this regard? I wouldn't have thought suspend to be significantly different from a userland software perspective, but I guess it is?