[Bug 876626] Re: Unlocking the second crypto disk (/home) echos password on console

Steve Langasek steve.langasek at canonical.com
Wed Jun 20 20:10:03 UTC 2012


quantal includes plymouth 0.8.4, which has the upstream changes to
support locking the terminal.

** Changed in: plymouth (Ubuntu Quantal)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to plymouth in Ubuntu.
https://bugs.launchpad.net/bugs/876626

Title:
  Unlocking the second crypto disk (/home) echos password on console

Status in “plymouth” package in Ubuntu:
  Fix Released
Status in “upstart” package in Ubuntu:
  Fix Released
Status in “plymouth” source package in Oneiric:
  Invalid
Status in “upstart” source package in Oneiric:
  Fix Released
Status in “plymouth” source package in Precise:
  Invalid
Status in “upstart” source package in Precise:
  Fix Released
Status in “plymouth” source package in Quantal:
  Fix Released
Status in “upstart” source package in Quantal:
  Fix Released

Bug description:
  [Impact]
  This bug makes cryptsetup unusable in select configurations because passwords are exposed on the console.

  [Development Fix]
  Package will be copied to quantal when the archive opens.

  [Test Case]
   1. cat > /etc/init/plymouth-testing.conf
  start on starting rc RUNLEVEL=[2345]
  task
  exec plymouth ask-for-password --prompt="Password prompt test: "
  ^D
   2. echo FRAMEBUFFER=y > /etc/initramfs-tools/conf.d/plymouth-testing
   3. update-initramfs -u
   4. boot without 'splash' on the kernel commandline
   5. type at the password prompt and confirm that the keypresses are shown.
   6. hit enter to resume boot
   7. install upstart from -proposed
   8. reboot, again without 'splash' on the kernel commandline
   9. type at the password prompt again, to confirm that the keypresses are not shown.
  10. rm /etc/init/plymouth-testing.conf /etc/initramfs-tools/conf.d/plymouth-testing

  [Regression Potential]
  In the event that an upstart job needs access to the console before plymouth has initialized the settings, the console will not be guaranteed to be in a correct state.

  Boot

  1.) Enter crypto phrase for /
  2.) ... init things...
  3.) Enter crypto phrase for /home

  On 3rd the password is echoed as such, only after pressing enter it prints the passwords again with stars.
  Enter passphrase: ABCDEF ENTER
  Enter passphrase: *******

  Workaround:  install the plymouth-theme-ubuntu-logo package if not
  already installed, and boot with the 'splash' option

  ---
  ApportVersion: 1.23-0ubuntu3
  Architecture: i386
  DistroRelease: Ubuntu 11.10
  Package: cryptsetup 2:1.1.3-4ubuntu2
  PackageArchitecture: i386
  ProcEnviron:
   SHELL=/bin/bash
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   LANGUAGE=en_US:en
  ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
  Tags:  oneiric
  Uname: Linux 3.0.0-12-generic i686
  UpgradeStatus: Upgraded to oneiric on 2011-10-15 (5 days ago)
  UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare usrp
  crypttab:
   vg_xiaoyu-root_crypt UUID=8ef6fb8f-ada6-464c-8ba3-d3ceed02ccdd none luks
   vg_xiaoyu-home_crypt UUID=e0aa6c3d-21b1-4ae9-a0db-17b81f13a2cf none luks
   vg_xiaoyu-swap_crypt /dev/mapper/vg_xiaoyu-swap /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,swap

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/876626/+subscriptions




More information about the foundations-bugs mailing list