Bug#980071: gnome-shell: Using suspend in the gnome-shell power off/log out menu does log out and suspend in the wrong order
A Ozbay
ago_debianbug at protonmail.com
Thu Jan 14 20:03:37 GMT 2021
First of all, sorry if I inaccurately classified this as a vulnerability - I've been a Debian user for some time but only very recently started to report bugs.
I looked through journalctl output and saw this which looked out of ordinary:
Jan 13 22:59:29 snorlax gnome-shell[2475]: JS ERROR: Error getting systemd inhibitor: Gio.IOErrorEnum: GDBus.Error:org.freedesktop.login1.OperationInProgress: The operation inhibition has been requested for is already running
_promisify/proto[asyncFunc]/</<@resource:///org/gnome/gjs/modules/core/overrides/Gio.js:435:45
### Promise created here: ###
inhibit at resource:///org/gnome/shell/misc/loginManager.js:196:35
_syncInhibitor at resource:///org/gnome/shell/ui/screenShield.js:203:32
_setActive at resource:///org/gnome/shell/ui/screenShield.js:157:14
_completeDeactivate at resource:///org/gnome/shell/ui/screenShield.js:565:14
onComplete at resource:///org/gnome/shell/ui/screenShield.js:542:36
_makeEaseCallback/<@resource:///org/gnome/shell/ui/environment.js:84:13
_easeActor/<@resource:///org/gnome/shell/ui/environment.js:167:64
I am not sure if this would crash the shell.
Other than that, I also noticed that this happens only on Xorg, and not on Wayland. Disabling Gnome Shell Extensions did not improve the situation on Xorg.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, January 14, 2021 9:10 AM, Simon McVittie <smcv at debian.org> wrote:
> On Wed, 13 Jan 2021 at 23:31:40 +0000, A Ozbay wrote:
>
> > When I use the suspend option in the power off/log out menu, gnome-shell
> > first logs me off, as if I clicked log off instead. Then, when I enter my
> > password on this screen, my computer enters suspend mode. Upon resuming
> > my pc from suspend, I am logged into my user account without a password
> > prompt.
>
> I suspect this is a GNOME Shell crash during screen locking. Please check
> the system log (systemd journal) around the time that you suspended for
> error and warning messages.
>
> That behaviour is consistent with this sequence of events:
>
> - You ask to suspend, but it takes a while for that to happen on your
> particular hardware
>
> - GNOME Shell starts to prepare to suspend (locks the screen, etc.)
> - Something goes wrong and the Shell crashes
> - This ends your login session, taking you back to the gdm login screen
> - You enter your password and log in again, starting a new GNOME session
> - The new session is unaware that suspending is already in progress, so it
> does not have the opportunity to lock the screen before...
>
> - The suspend process finally finishes
> - The hardware suspends
>
> A Shell crash is definitely a bug, but is not a bug that is going to be
> solvable without more information:
>
> - What messages appear in the system log (systemd journal)?
> - Do you have any GNOME Shell extensions enabled?
>
> > This enables a person with physical access to the machine in a suspended
> > state to log into my account without any password required whatsoever
> > which is a grave security issue.
>
> You can avoid this by not entering your password while the machine is
> in a transitional state (already trying to suspend).
>
> If you believe you have discovered a security vulnerability that is not
> already known to the public, please report it privately, rather than
> reporting it to the public bug tracking system. However, I don't think
> this particular bug will be considered to be a security vulnerabilty.
>
> smcv
More information about the pkg-gnome-maintainers
mailing list