Linux Mint fixes screensaver bypass discovered by two kids

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
8,072

Linux Mint fixes screensaver bypass discovered by two kids​

Two children playing on their dad's computer accidentally found a way to bypass the screensaver and access locked systems.

The Linux Mint project has patched this week a security flaw that could have allowed a threat actor to bypass the OS screensaver and its password and access locked desktops.

This particularly nasty security flaw was discovered by two kids playing on their dad's computer, according to a bug report on GitHub.

Also: Best VPNsBest security keys

"A few weeks ago, my kids wanted to hack my Linux desktop, so they typed and clicked everywhere while I was standing behind them looking at them play," wrote a user identifying themselves as robo2bobo.

According to the bug report, the two kids pressed random keys on both the physical and on-screen keyboards, which eventually led to a crash of the Linux Mint screensaver, allowing the two access to the desktop.

"I thought it was a unique incident, but they managed to do it a second time," the user added.

BUG SOURCE: PRESSING THE Ē KEY ON THE OSK​

According to Linux Mint lead developer Clement Lefebvre, the issue was eventually tracked down to libcaribou, the on-screen keyboard (OSK) component that ships with Cinnamon, the desktop interface used by Linux Mint.

More specifically, the bug occurs when users press the "ē" key on the on-screen keyboard.

But while in most scenarios, the bug crashes the Cinnamon desktop process, if the on-screen keyboard is opened from the screensaver, the bug crashes the screensaver instead, allowing users to access the underlying desktop.

 

Lightning_Brian

Level 15
Verified
Content Creator
Sep 1, 2017
731
I love Mint! Nice distro of Linux for sure. Runs really good on most computers - even some older ones too.

Crazy bug for sure though! Cannot recommend it enough -keep up on them' updates of your distro. Being too lax' can and will end up in some not so cool stuff happening. Funny how the bug was discovered though. Great post @shmu26!

~Brian
 
Top