Bypass login and full access to personal information

[ghost]

 * Cinnamon version 4.4.8
   - I m a normal user 
 * Distribution - Linux Mint 19.3 Cinnamon
System:    Host: excogitatoris Kernel: 5.3.0-26-generic x86_64 bits: 64 compiler: gcc v: 7.4.0 
           Desktop: Cinnamon 4.4.8 wm: muffin dm: LightDM Distro: Linux Mint 19.3 Tricia 
           base: Ubuntu 18.04 bionic 
Machine:   Type: Desktop Mobo: ASRock model: J3455B-ITX serial: <filter> UEFI: American Megatrends 
           v: P1.20 date: 04/12/2017 
CPU:       Topology: Quad Core model: Intel Celeron J3455 bits: 64 type: MCP arch: Goldmont rev: 9 
           L2 cache: 1024 KiB 
           flags: lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 11980 
           Speed: 2196 MHz min/max: 800/2300 MHz Core speeds (MHz): 1: 2196 2: 2197 3: 2196 
           4: 2196 
Graphics:  Device-1: Intel vendor: ASRock driver: i915 v: kernel bus ID: 00:02.0 
           chip ID: 8086:5a85 
           Display: x11 server: X.Org 1.20.5 driver: modesetting unloaded: fbdev,vesa 
           resolution: 1280x1024~60Hz 
           OpenGL: renderer: Mesa DRI Intel HD Graphics 500 (Broxton 2x6) v: 4.5 Mesa 19.2.1 
           compat-v: 3.0 direct render: Yes 
Audio:     Device-1: Intel Celeron N3350/Pentium N4200/Atom E3900 Series Audio Cluster 
           vendor: ASRock driver: snd_hda_intel v: kernel bus ID: 00:0e.0 chip ID: 8086:5a98 
           Sound Server: ALSA v: k5.3.0-26-generic 
Network:   Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet vendor: ASRock 
           driver: r8169 v: kernel port: e000 bus ID: 02:00.0 chip ID: 10ec:8168 
           IF: enp2s0 state: up speed: 1000 Mbps duplex: full mac: <filter> 
Drives:    Local Storage: total: 223.57 GiB used: 40.61 GiB (18.2%) 
           ID-1: /dev/sda vendor: A-Data model: SU650 size: 223.57 GiB speed: 6.0 Gb/s 
           serial: <filter> 
Partition: ID-1: / size: 218.57 GiB used: 20.30 GiB (9.3%) fs: ext4 dev: /dev/sda2 
           ID-2: swap-1 size: 2.00 GiB used: 0 KiB (0.0%) fs: swap dev: /dev/dm-0 
Sensors:   System Temperatures: cpu: 47.0 C mobo: N/A 
           Fan Speeds (RPM): N/A 
Repos:     No active apt repos in: /etc/apt/sources.list 
           Active apt repos in: /etc/apt/sources.list.d/official-package-repositories.list 
           1: deb http: //packages.linuxmint.com tricia main upstream import backport #id:linuxmint_main
           2: deb http: //archive.ubuntu.com/ubuntu bionic main restricted universe multiverse
           3: deb http: //archive.ubuntu.com/ubuntu bionic-updates main restricted universe multiverse
           4: deb http: //archive.ubuntu.com/ubuntu bionic-backports main restricted universe multiverse
           5: deb http: //security.ubuntu.com/ubuntu/ bionic-security main restricted universe multiverse
           6: deb http: //archive.canonical.com/ubuntu/ bionic partner
Info:      Processes: 188 Uptime: 1h 03m Memory: 7.44 GiB used: 1.65 GiB (22.1%) Init: systemd 
           v: 237 runlevel: 5 Compilers: gcc: 7.4.0 alt: 7 Client: Unknown python3.6 client 
           inxi: 3.0.32 
 * .xsession-errors

dbus-update-activation-environment: setting DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
dbus-update-activation-environment: setting DISPLAY=:0
dbus-update-activation-environment: setting XAUTHORITY=/home/cerebrum/.Xauthority
dbus-update-activation-environment: setting GTK_MODULES=gail:atk-bridge
dbus-update-activation-environment: setting QT_ACCESSIBILITY=1
dbus-update-activation-environment: setting LANG=de_DE.UTF-8
dbus-update-activation-environment: setting GDM_LANG=de_DE
dbus-update-activation-environment: setting DISPLAY=:0
dbus-update-activation-environment: setting XDG_GREETER_DATA_DIR=/var/lib/lightdm-data/cerebrum
dbus-update-activation-environment: setting USER=cerebrum
dbus-update-activation-environment: setting DESKTOP_SESSION=cinnamon
dbus-update-activation-environment: setting PWD=/home/cerebrum
dbus-update-activation-environment: setting HOME=/home/cerebrum
dbus-update-activation-environment: setting QT_ACCESSIBILITY=1
dbus-update-activation-environment: setting XDG_SESSION_TYPE=x11
dbus-update-activation-environment: setting XDG_DATA_DIRS=/usr/share/cinnamon:/usr/share/gnome:/home/cerebrum/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share:/usr/share
dbus-update-activation-environment: setting XDG_SESSION_DESKTOP=cinnamon
dbus-update-activation-environment: setting GTK_MODULES=gail:atk-bridge
dbus-update-activation-environment: setting SHELL=/bin/bash
dbus-update-activation-environment: setting XDG_SEAT_PATH=/org/freedesktop/DisplayManager/Seat0
dbus-update-activation-environment: setting IM_CONFIG_PHASE=1
dbus-update-activation-environment: setting GPG_AGENT_INFO=/run/user/1000/gnupg/S.gpg-agent:0:1
dbus-update-activation-environment: setting SHLVL=1
dbus-update-activation-environment: setting LANGUAGE=de_DE
dbus-update-activation-environment: setting GDMSESSION=cinnamon
dbus-update-activation-environment: setting LOGNAME=cerebrum
dbus-update-activation-environment: setting DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
dbus-update-activation-environment: setting XDG_RUNTIME_DIR=/run/user/1000
dbus-update-activation-environment: setting XAUTHORITY=/home/cerebrum/.Xauthority
dbus-update-activation-environment: setting XDG_SESSION_PATH=/org/freedesktop/DisplayManager/Session0
dbus-update-activation-environment: setting XDG_CONFIG_DIRS=/etc/xdg/xdg-cinnamon:/etc/xdg
dbus-update-activation-environment: setting PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
dbus-update-activation-environment: setting _=/usr/bin/dbus-update-activation-environment
[cinnamon-settings-daemon-smartcard] Failed to start: Es konnte kein passender Smartcard-Treiber gefunden werden
[cinnamon-settings-daemon-smartcard] Failed to start: Es konnte kein passender Smartcard-Treiber gefunden werden
Clutter-Message: 22:10:00.854: Sync method: PRESENTATION TIME
Cjs-Message: 22:10:01.617: JS LOG: About to start Cinnamon
Cjs-Message: 22:10:01.697: JS LOG: [LookingGlass/info] Cinnamon.AppSystem.get_default() started in 74 ms
Cjs-Message: 22:10:01.728: JS LOG: [LookingGlass/info] loading user theme: /usr/share/themes/Mint-Y-Dark/cinnamon/cinnamon.css
Cjs-Message: 22:10:01.761: JS LOG: [LookingGlass/info] added icon directory: /usr/share/themes/Mint-Y-Dark/cinnamon
** Message: 22:10:01.872: nemo-desktop: session is cinnamon, establishing proxy
Cjs-Message: 22:10:02.177: JS LOG: [LookingGlass/info] PlacesManager: Updating devices
Cjs-Message: 22:10:02.206: JS LOG: [LookingGlass/info] loaded at Sat Jan 18 2020 22:10:02 GMT+0100 (CET)
Cjs-Message: 22:10:02.207: JS LOG: Cinnamon started at Sat Jan 18 2020 22:10:02 GMT+0100 (CET)
Cjs-Message: 22:10:02.318: JS LOG: [LookingGlass/info] ExtensionSystem started in 2 ms
Cjs-Message: 22:10:02.318: JS LOG: [LookingGlass/info] DeskletManager started in 2 ms
Cjs-Message: 22:10:02.319: JS LOG: [LookingGlass/info] SearchProviderManager started in 2 ms
openGL version 4.5 detected (GL3 Cogl Driver)
MetaSyncRing disabled: couldn't find required GL extensions, or the minimum safe openGL version was not met
Cjs-Message: 22:10:02.653: JS LOG: [LookingGlass/info] Loaded applet removable-drives@cinnamon.org in 48 ms
Cjs-Message: 22:10:02.778: JS LOG: [LookingGlass/info] Loaded applet calendar@cinnamon.org in 126 ms
Cjs-Message: 22:10:02.832: JS LOG: [LookingGlass/info] Loaded applet show-desktop@cinnamon.org in 52 ms
St-Message: 22:10:02.849: cogl npot texture sizes SUPPORTED
Cjs-Message: 22:10:02.900: JS LOG: [LookingGlass/info] Loaded applet printers@cinnamon.org in 68 ms
Cjs-Message: 22:10:02.925: JS LOG: [LookingGlass/info] Role locked: notifications
Cjs-Message: 22:10:02.951: JS LOG: [LookingGlass/info] Loaded applet notifications@cinnamon.org in 50 ms
Cjs-Message: 22:10:03.002: JS LOG: [LookingGlass/info] Loaded applet keyboard@cinnamon.org in 50 ms
Cjs-Message: 22:10:03.027: JS LOG: [LookingGlass/info] Loaded applet xapp-status@cinnamon.org in 24 ms
Cjs-Message: 22:10:03.047: JS LOG: [LookingGlass/info] Role locked: tray
Cjs-Message: 22:10:03.056: JS LOG: [LookingGlass/info] Loaded applet systray@cinnamon.org in 30 ms
Cjs-Message: 22:10:03.247: JS LOG: [LookingGlass/info] Role locked: panellauncher
Cjs-Message: 22:10:03.277: JS LOG: [LookingGlass/info] Loaded applet panel-launchers@cinnamon.org in 220 ms
Cjs-Message: 22:10:03.333: JS LOG: [LookingGlass/info] Loaded applet power@cinnamon.org in 56 ms

(csd-power:1324): power-plugin-CRITICAL **: 22:10:03.379: abs_to_percentage: assertion 'max > min' failed
Cjs-Message: 22:10:03.413: JS LOG: [LookingGlass/info] Loaded applet window-list@cinnamon.org in 80 ms
Cjs-Message: 22:10:03.560: JS LOG: [LookingGlass/info] Loaded applet sound@cinnamon.org in 148 ms
Cjs-Message: 22:10:03.562: JS LOG: [LookingGlass/info] Adding XAppStatusIcon: nm-applet (org.x.StatusIcon.PID-1507-0)
Cjs-Message: 22:10:03.620: JS LOG: [LookingGlass/info] Hiding XAppStatusIcon (we have an applet): nm-applet (org.x.StatusIcon.PID-1507-0)
Cjs-Message: 22:10:03.641: JS LOG: [LookingGlass/info] Loaded applet network@cinnamon.org in 80 ms
Cjs-Message: 22:10:03.725: JS LOG: Unknown network device type, is 14
Cjs-Message: 22:10:04.289: JS LOG: [LookingGlass/info] Loaded applet menu@cinnamon.org in 648 ms
Cjs-Message: 22:10:04.290: JS LOG: [LookingGlass/info] AppletManager started in 2084 ms
Cjs-Message: 22:10:04.296: JS LOG: [LookingGlass/info] Cinnamon took 2678 ms to start
/usr/share/cinnamon-screensaver/cinnamon-screensaver-main.py:84: Warning: g_base64_encode_step: assertion 'in != NULL' failed
  css = provider.to_string()
Cjs-Message: 22:10:22.234: JS LOG: [LookingGlass/info] Adding XAppStatusIcon: mintUpdate.py (org.x.StatusIcon.PID-1625-0)
Cjs-Message: 22:10:56.913: JS LOG: [LookingGlass/info] Adding XAppStatusIcon: mintreport (org.x.StatusIcon.PID-1744-0)
Nemo-Share-Message: 22:44:33.609: Called "net usershare info" but it failed: »net usershare« gab den Fehler 255 zurück: mkdir failed on directory /var/run/samba/msg.lock: Keine Berechtigung
net usershare: cannot open usershare directory /var/lib/samba/usershares. Error Datei oder Verzeichnis nicht gefunden
Please ask your system administrator to enable user sharing.

Cjs-Message: 22:45:31.555: JS LOG: [LookingGlass/info] Adding systray: hexchat (24x24px)
Cjs-Message: 22:45:31.556: JS LOG: [LookingGlass/info] Resized hexchat with normalized size (24x24px)
Cjs-Message: 22:45:31.561: JS LOG: [LookingGlass/info] Adding systray: hexchat (24x24px)
Cjs-Message: 22:45:31.563: JS LOG: [LookingGlass/info] Resized hexchat with normalized size (24x24px)
Cinnamon warning: Log level 16: value "-nan" of type 'gfloat' is invalid or out of range for property 'width' of type 'gfloat'
Cinnamon warning: Log level 16: value "-nan" of type 'gfloat' is invalid or out of range for property 'height' of type 'gfloat'
Cinnamon warning: Log level 16: value "-nan" of type 'gfloat' is invalid or out of range for property 'width' of type 'gfloat'
Cinnamon warning: Log level 16: value "-nan" of type 'gfloat' is invalid or out of range for property 'height' of type 'gfloat'

**Issue**
I start the PC with one VGA connected monitor and one Hdmi connected.
The hdmi monitor is a tv. If i started the Pc i was looking TV but the monitor also was connected with the PC. When the PC was booted up i wanted to enter my password for start the session. 
this did not work because the hdmi monitor was recognized as the main monitor and no input field was shown to me.
So I just pulled out the hdmi plug that linux automatically sets the Vga monitor as the main monitor
So I just pulled out the hdmi plug that linux automatically sets the Vga monitor as the main monitor so that I can enter my password to work with the pc and decrypt my personal data.

NOW THE BIG ISSUE!
Due to the procedure described above, I did not need to enter a password and have full access to my PC and my personal data.
This is the second time i'm watching this.

I dont have Steps to reproduce or Expected behaviour just wanted to report the problem.
If this is not the right place for this, please let me know who I can contact.

Thx

[mtwebster]

I'm not sure I follow - at what point did you have full access without entering a password?
1 - Started PC
2 - recognized wrong monitor as main
3 - you unplugged hdmi, other monitor became primary
4 - you entered your password? and logged in to decrypt and work with your pc?

Or you didn't have to enter your password, and it just logged you in (and decrypted your home folder)?

[ghost]

At the 3. point. If the vga became primary it automaticaly login without entered password. My settings are i ve to enter password after start for login. NoT automaticaly. Am 19.01.20 um 02:08 schrieb Michael Webster

…

I'm not sure I follow - at what point did you have full access without entering a password? 1 - Started PC 2 - recognized wrong monitor as main 3 - you unplugged hdmi, other monitor became primary 4 - you entered your password? and logged in to *decrypt* and work with your pc? Or you didn't have to enter your password, and it just logged you in (and decrypted your home folder)? -- You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub: #9123 (comment)

[ghost]

You can understand the big problem and waht's going on now?

[clefebvre]

Wouldn't this be an issue with lightDM? If you're not logged in and have no session, this has nothing to do with Cinnamon right?

Can you reproduce the problem with other DEs?

I find it very hard to believe the DM would log you in like that without a password, and even if it did, that it would have access to the passphrase to decrypt your data (there's a technical limitation at play here)... PAM just can't do that afaik.

Or do you mean you already logged in? and this is a locked or resumed session maybe? If so, then we're looking at the screensaver... not the display manager.

Sorry, it's not clear at all to me what is going on.

[noloader]

Wouldn't this be an issue with lightDM? If you're not logged in and have no session, this has nothing to do with Cinnamon right?

This smells of LightDM...

[sdwvit]

Can confirm, sometimes after hibernation I see this issue with external display connected. Experiencing this bug since 2016.