Red Hat Bugzilla – Bug 1154107
CVE-2014-7300 gnome-shell: lockscreen bypass with printscreen key [rhel-7.1]
Last modified: 2015-05-20 11:17:57 EDT
+++ This bug was initially created as a clone of Bug #1147917 +++

It was discovered [1] that PrtSc key is not disabled when the screen is locked. Taking a bunch of screenshots at once bloats gnome-shell to the point where it's pretty easy to get it targeted by the kernel's oom-killer. This means that anyone with access to the keyboard of a locked GNOME session can (briefly) disable the lockscreen, which lets them see and interact with the running gnome session.

This might be fixed in gnome-shell 3.14.1, some patches available in the original bugreport [1].

[1]: https://bugzilla.gnome.org/show_bug.cgi?id=737456

--- Additional comment from Murray McAllister on 2014-10-02 22:17:43 EDT ---

Created gnome-shell tracking bugs for this issue:

Affects: fedora-all [bug 1149039]

--- Additional comment from Vasyl Kaigorodov on 2014-10-06 07:00:52 EDT ---

CVE-2014-7300 was assigned for:

"PrtSc is an unauthenticated request that's available to untrusted parties. A series of requests can consume a large amount of memory. The combination of this PrtSc behavior and the existence of the oom-killer allows authentication bypass for command execution. Therefore, the product must limit the aggregate memory consumption of all active requests, and the lack of this limit is a vulnerability."

http://seclists.org/oss-sec/2014/q4/91
With gnome-shell-3.8.4-45.el7, I am seeing that PrntScrn is still enabled on the lock screen, but holding it down for 2+ minutes did not cause a crash and subsequent security breach. Is the fix that PrtScrn is disabled on the lock screen or something else?
I believe the fix is to disable multiple concurrent screenshots at a time. So now it only allows one at a time so it can't overwhelm the system.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0535.html
(In reply to Ray Strode [halfline] from comment #4)
> I believe the fix is to disable multiple concurrent screenshots at a time.
> So now it only allows one at a time so it can't overwhelm the system.

That was indeed the original fix that went into 7.1. Upstream there was also an accompanying gnome-settings-daemon change that disabled screenshots altogether when locked, however I don't think it was backported to RHEL. The desktop rebase in 7.2 will bring it in though.
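
The one-capture-at-a-time limit discussed in the comments above, modelled as an added example; it is not the gnome-shell patch or code from this bug. The class and function names, the tick model and the memory figures are all constructed assumptions, chosen to show how the cap bounds aggregate memory under key repeat.

```javascript
// Added illustration with hypothetical names; not gnome-shell source.
class ScreenshotGate {
  constructor(capture, maxInFlight) {
    this.capture = capture;         // capture(done) starts work, calls done() at the end
    this.maxInFlight = maxInFlight; // Infinity models the unguarded behaviour
    this.inFlight = 0;
    this.dropped = 0;
  }
  request() {
    if (this.inFlight >= this.maxInFlight) {
      this.dropped += 1;            // key press ignored, nothing allocated
      return false;
    }
    this.inFlight += 1;
    let finished = false;
    this.capture(() => {
      if (finished) return;         // tolerate a duplicate completion callback
      finished = true;
      this.inFlight -= 1;
    });
    return true;
  }
}

// Deterministic model: one key-repeat event per tick; each capture holds
// bytesPerShot for captureTicks ticks before releasing it.
function simulateKeyRepeat(maxInFlight, presses, captureTicks, bytesPerShot) {
  let tick = 0, liveBytes = 0, peakBytes = 0, started = 0;
  const pending = [];               // FIFO of { due, done }
  const gate = new ScreenshotGate((done) => {
    liveBytes += bytesPerShot;
    peakBytes = Math.max(peakBytes, liveBytes);
    pending.push({ due: tick + captureTicks, done });
  }, maxInFlight);
  for (tick = 0; tick < presses; tick++) {
    // Finish captures that are due before handling this tick's key press.
    while (pending.length && pending[0].due <= tick) {
      liveBytes -= bytesPerShot;
      pending.shift().done();
    }
    if (gate.request()) started += 1;
  }
  return { peakBytes, started, dropped: gate.dropped };
}
// Constructed figures: 8 MiB per frame, 50 ticks per capture, 1000 repeats.
const MiB = 1024 * 1024;
const unguarded = simulateKeyRepeat(Infinity, 1000, 50, 8 * MiB);
const guarded = simulateKeyRepeat(1, 1000, 50, 8 * MiB);
console.log("peak MiB unguarded/guarded:", unguarded.peakBytes / MiB, guarded.peakBytes / MiB);
```

In this model the unguarded peak grows with how long a capture takes, while the guarded peak stays at one frame regardless of how long the key is held.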