Kids find a security flaw in Linux Mint by mashing keys

778 points by subins2000, over 4 years ago

46 comments

GlitchMr, over 4 years ago
I find it interesting that GNOME Screensaver's security depends on it to not crash.
Meanwhile, in KDE the lock screen is managed by KDE Session Management Server which ensures that lock screen cannot be bypassed by simply crashing its process.
The way it works is as follows: ksmserver draws a black rectangle over everything and spawns kscreenlocker. If kscreenlocker crashes, the black rectangle is still here, and ksmserver will spawn kscreenlocker again but this time with software rendering (just in case it crashed due to graphics driver issue). If kscreenlocker crashes four times then KDE Session Management Server gives up, stops respawning kscreenlocker and simply draws the following text on the screen.
    The screen locker is broken and unlocking is not possible anymore.
    In order to unlock switch to a virtual terminal (e.g. Ctrl+Alt+F2),
    log in and execute the command:
    loginctl unlock-session %1
    Afterwards switch back to the running session (Ctrl+Alt+F%2).
If ksmserver itself crashes then the entire session closes.
I'm not sure why GNOME screensaver cannot do something like this. Lock screen crashing seems like something inevitable (especially considering buggy graphic card drivers and so on), and it makes sense to prepare for it so that crashes won't bypass the screen locker.
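
A minimal model of the two designs contrasted in the comment above, added here as an illustration; it is not code from KDE, GNOME or the thread. The stand-in lockers are constructed Python child processes, and the names `supervise`, `fail_open` and the convention that exit status 0 means "authenticated" are assumptions of the example.

```python
import subprocess
import sys

MAX_CRASHES = 4  # the comment says the supervisor gives up after four crashes


def locker(code):
    """Build a constructed stand-in locker: a child Python process."""
    return [sys.executable, "-c", code]


# Constructed children; argv[1] is "1" when software rendering is requested.
AUTH_OK = locker("raise SystemExit(0)")
ALWAYS_CRASH = locker("import os; os.abort()")
GPU_CRASH = locker("import os, sys; sys.argv[1] == '1' or os.abort()")


def run_locker(cmd, software_rendering):
    """True only if the child exits with status 0 (assumed: user authenticated)."""
    flag = "1" if software_rendering else "0"
    proc = subprocess.run(cmd + [flag], stderr=subprocess.DEVNULL)
    return proc.returncode == 0  # death by signal gives a negative code on POSIX


def fail_open(cmd):
    """The locker window is the only cover: when it dies, the desktop shows."""
    return "unlocked" if run_locker(cmd, False) else "exposed"


def supervise(cmd, max_crashes=MAX_CRASHES):
    """The supervisor owns the cover and removes it only on a clean exit."""
    log = ["cover drawn"]
    for crashes in range(max_crashes):
        # Retry with software rendering after the first crash.
        if run_locker(cmd, software_rendering=crashes > 0):
            log.append("cover removed")
            return "unlocked", log
        log.append(f"locker crashed ({crashes + 1})")
    log.append("gave up, cover stays, unlock with loginctl from a VT")
    return "locked", log


if __name__ == "__main__":
    for name, cmd in [("ok", AUTH_OK), ("gpu", GPU_CRASH), ("bad", ALWAYS_CRASH)]:
        print(name, fail_open(cmd), supervise(cmd))
```

The property to check in a real locker is the same one the model makes visible: no crash path of the authentication UI may lead to the "cover removed" step.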
gambiting, over 4 years ago
Does anyone know why lockscreens in Linux have been such a joke? I remember trying Ubuntu a couple years ago and when waking up my laptop it would show me my entire desktop with all the information displayed right there in the open for about 10-20 seconds before suddenly engaging the lockscreen. All you had to do was close the lid and open it again and you could just copy whatever was on the screen before the lock screen appeared. I guess it's because the lockscreen was a separate process that had to start up? Still, what an awful awful design.
mightybyte, over 4 years ago
Years ago I taught a high school typing class in a K-12 school. The school didn't have the funds to get a commercial typing program so I wrote my own typing program. It evolved over time with features to help me track the students' progress etc. One day we had a school open house where all the parents could come to school. We had a bunch of different activities set up in different classrooms and I ended up getting assigned to the 3rd grade classroom to set up my typing program so anyone coming through could test their typing speed. It was a DOS program and I didn't want people using anything other than my typing program, so I modified it so you couldn't quit the typing program. Over the course of the day the 3rd graders were hanging out in their homeroom not really doing anything productive. Of course the computer was a novel attraction and they were just smashing keys and exploring my program's UI. Eventually at one point I noticed that they had somehow crashed my program with a segfault in what had otherwise become a pretty stable piece of software. To this day I have absolutely no idea what the bug was.
tauntz, over 4 years ago
My kid got around the lock screen of my mac. Twice.
It was 4-5 years ago when he was about 2. I had a 15+ character random password (a generated one including symbols etc) so the chances of him being lucky were rather slim. He was just mashing buttons on the lock screen for less than a minute when boom, I was suddenly signed in. The first time I thought it was a fluke. Then it happened again after a couple of months. After that I took my phone, sat him behind my computer and started to record him playing with the buttons but it never happened again and my hopes of getting a bug bounty from Apple vanished :(
diegoperini, over 4 years ago
Step 1: Gather timings of key presses from a lot of kids.
2: Use ML to learn how to simulate it.
3: Sell it as a service, labeling it KaaS.
4: Profit, then go to jail because of a misunderstanding.
But seriously, is there such a tool to automate this?
smarx007, over 4 years ago
Margaret Hamilton's daughter Lauren still takes the first place for "kid fuzzing" the AGC IMO https://wehackthemoon.com/people/margaret-hamilton-her-daughters-simulation
But this is pretty impressive as well!
Qub3d, over 4 years ago
For everyone linking the JWZ "I Told You So" post, the devs are aware of it and posted a response in the GitHub issue. I encourage everyone to read their side of the issue: https://github.com/linuxmint/cinnamon-screensaver/issues/354#issuecomment-762261555
eth0up, over 4 years ago
Physlock works comparatively well, but nothing can stop the omniscient stupidity of, eg ctrl-alt-del 10x (or similar) invoking reboot, which I've found no method of preventing. The general attitude encountered when seeking a solution to this madness is "if someone has physical access, you're pwned anyway", which is also supremely unimaginative and omnisciently stupid. This has gnawed at my cranial portions for years, and I now speak forth in due fury.
https://linuxcommandlibrary.com/man/physlock
herpderperator, over 4 years ago
In middle school long ago, I was using one of the library search computers. They ran Windows XP and were locked down to the point where you couldn't open anything except the software that was running and you had no access to the desktop. One day I was rapidly mashing the "Search" button in the native book-searching software they were using - for no reason at all - and it suddenly opened an Explorer window out of nowhere showing everything in the filesystem. I could reproduce it easily with rapid-enough clicks. I still have no idea why that happened.
joshspankit, over 4 years ago
My own anecdote:
My daughter was 1ish at the time, and I sat her down while I grabbed something from the fridge. Windows 98, locked. When I came back the screensaver was on, the password dialog was still up, *but the desktop was fully functional in front of it*. I could navigate, open applications, and everything else.
Still no idea how she did it, but that’s not the first or last time she surprised me :)
martin-adams, over 4 years ago
This reminds me of when I was about 14. I had a Tamagotchi which I had for a record amount of time. My niece, about 2 at the time, wanted to see it so I let her hold it. Within 1/2 a second, she squeezed both buttons at the same time and crashed it.
My daughter managed to buy 24 hours of football pass with NowTV by pressing the same button repeatedly on the remote within about 5 seconds.
So a crash like this doesn't surprise me.
kuter, over 4 years ago
For anyone interested there is something called fuzzing that uses *usually* code coverage based heuristics to generate data to find bugs.
For example LLVM's lib fuzzer uses instrumentation to track code coverage and mutates data to find invalid behaviour.
https://llvm.org/docs/LibFuzzer.html
It uses a compiler pass to insert code at branch points, function calls, etc. I think it uses genetic algorithms to increase coverage by changing the data.
There are others that work in similar ways; one of them is https://github.com/google/AFL
Leherenn, over 4 years ago
Another tangentially linked anecdote. We had build artefacts stored on a Samba shared drive, that were write protected, since some people regularly used to move them instead of copying them. Then one day, the latest build was gone again. We asked around to see whether someone had purposefully removed the build, but no. Turns out someone on Windows 10 had tried to cut and paste the file, but his computer had crashed before pasting. Apparently the permissions were only checked on paste, but the file was unlinked on cut?
dluan, over 4 years ago
Something about this exchange was extremely pleasing and calming to read, maybe I'm irony poisoned from overly loud social media. But this was so nice to read through.
mhh__, over 4 years ago
Unless there's something unbelievably wacky going on, this is why people use formal verification.
If you can describe your program as a state machine, you can ask an SMT solver to find any transitions that break stuff. Unfortunately it's a lot harder to do for software than hardware because of the plasticity people expect from the former, but when it works it's really nice.
scalableUnicon, over 4 years ago
Related: https://news.ycombinator.com/item?id=25801693
12312311241231, over 4 years ago
Keep in mind that screensavers aren't the only untested dumpster fire on Linux Desktops (or ~ distributions in general).
The whole desktop architecture is out of date. I wouldn't be surprised if someone argued that screensavers aren't important because it's just your user data exposed, the root account is still safe!
nrvn, over 4 years ago
I enjoy seeing my kid breaking software, POS terminals and causing ATMs to throw error windows. Nothing critical, just funny how random screen touching and keyboard mashing drives “serious” software crazy.
Fool-proof and child-proof software is yet to come.
Hire QA kids.
mensetmanusman, over 4 years ago
Hilarious, esp. if you have kids.
I see similar behavior with smartphones.
3 y.o. figure it out better than my parents because it seems their mindset is ‘do all the things’ to see what the i/o structure is. Their brain is built that way when they are so young.
0xTJ, over 4 years ago
Not really the same, but I had fun back in high school. Finding the Novell messaging utility that let me send a message to (IIRC) anyone in the school board currently logged in, though not anonymously.
Using a couple lines of VBScript to change a couple registry entries (computers didn't persist storage anyways) you could also give your local admin privileges, to install stuff. That one got me in a touch of trouble, and I lost my account for a couple weeks while they "looked at my files", because I stored it on my network drive folder.
lostgame, over 4 years ago
Huh. Am I alone in that I consistently test for a massive ton of random key or screen presses? Either manually or through automation?
uoaei, over 4 years ago
Linux Mint, and whatever it's built on, has been disappointing to me. The most worrying thing I've experienced is that, when waking up from sleep, the unlocked screen will sometimes flash before showing the lockscreen. That is a huge no-no and really betrays the fallibility of whatever security measures are employed.
viro, over 4 years ago
As an infosec person with no CVEs, stories like this make me feel like a complete failure. ¯\_(ツ)_/¯
Havoc, over 4 years ago
Who needs fancy fuzzing tools anyway?
boomboomsubban, over 4 years ago
I'm surprised nobody had "ē" in their password to notice this earlier.
technothrasher, over 4 years ago
I remember finding a very similar issue with XDM on a Sun 3/60 back in about 1992. Just mash the keyboard while in the 'password' field and it would eventually drop a root shell. Oops!
etxm, over 4 years ago
I worked at a finance company in the early 00s.
The QA team had a test they called “the elbow test” where they did exactly this.
Just kind of put their elbow randomly on the keyboard to see if stuff would break.
causalmodels, over 4 years ago
The first computer I ever bricked was my father's work laptop running Windows 95. I was a toddler and wanted to press the buttons. Good to see the kids are still at it!
Darmody, over 4 years ago
If you leave a Virtual Box window open with Windows (I'm not sure about other OS) it'll bypass the lockscreen on Ubuntu, at least partially.
Jerry2, over 4 years ago
That reminded me of the Linux GRUB2 bug where you could press Backspace key 28 times and bypass all security. [1]
> *The source of the vulnerability is nothing but an integer underflow fault that was introduced with single commit in Grub version 1.98 (December 2009) – b391bdb2f2c5ccf29da66cecdbfb7566656a704d – affecting the grub_password_get() function.*
[1] https://thehackernews.com/2015/12/hack-linux-grub-password.html
scotty79, over 4 years ago
I once had a cat walk over my keyboard and do hard reset on windows 95 in about 1 second.
No dialogs or confirmations. Just black screen and computer rebooting.
WhompingWindows, over 4 years ago
Is there an automated process security researchers use like this? Just mashes random buttons for hours until it finds vulnerabilities?
atomize, over 4 years ago
They learn so young these days! Never ceases to amaze me. They are totally set up for this industry. Would hire 10/10.
z29LiTp5qUC30n, over 4 years ago
The best part is they moved to physlock, specifically the version which you can bypass by hitting enter 3 times...
inetknght, over 4 years ago
A piece of GNOME easily crashes and causes security issues?
Color me surprised! /s
exabrial, over 4 years ago
My cat previously unlocked OSX Leopard with a similar attack.
codeulike, over 4 years ago
It works in the movies
plumeria, over 4 years ago
So, is this an instance of the infinite monkey theorem?
rblion, over 4 years ago
Imagine if Jurassic Park was real and this happened...
fmakunbound, over 4 years ago
There is no hope for us in this field, is there?
johnwayne117, over 4 years ago
and they say, "monkey testing" is underrated
chromatin, over 4 years ago
Meatspace fuzzing
greypowerOz, over 4 years ago
warning: cat-like typing detected
blackrock, over 4 years ago
Is this the old monkey testing technique?
stelf, over 4 years ago
Time to make a joke about Windows lock screens? Or perhaps not...
idiocrat, over 4 years ago
Well, the original definition of the word "hacking". Hacking on keyboard to exploit keypress timings, key combinations and key buffer overflows.