The awful thing about getting it right the first time is that nobody realizes how hard it was.

Ubuntu security problem in the lock screen

I am running Ubuntu 14.04 with all the packages updated. When the screen is locked with password, if I hold ENTER after some seconds the screen freezes and the lock screen crashes. After that I have the computer fully unlocked.

You're using gnome-screensaver? Do you want ants? Because that's how you get ants.

I told you so, 2004 edition.

I told you so, 2005 edition.

Previously, previously, previously.


I've seen a few comments elsewhere about this saying things like, "So what, it was a bug, they've fixed it." That's really missing the point. The point is not that such a bug existed, but that such a bug was even possible. The real bug here is that the design of the system even permits this class of bug. It is unconscionable that someone designing a critical piece of security infrastructure would design the system in such a way that it does not fail safe.

Especially when I have given them 2+ decades of prior art demonstrating how to do it right, and a decade-old document clearly explaining What Not To Do that coincidentally used this very bug as it's illustrative strawman!

You must be this tall to work on security infrastructure. If you don't think this bug was a shameful embarrassment of design -- as opposed to merely bad code -- then please get out of the software industry.

Tags: , , , ,