[Bug 55159] Re: usplash prevents passwords from being not echoed on the console

Luke lukekuhn at hotmail.com
Thu Apr 9 23:08:39 UTC 2009


 BROADER PATCH FOR BOTH LUKS AND REGULAR MAPPINGS

After posting my patch, I realized I only wrote it for LUKS! Therefore,
I spent most of today rebooting again and again to test revisions to add
the code to the part of cryptdisks.functions that controls setting a
regular mapping as well.  It works, though with a regular mapping
cryptsetup will not error out regardless of the passphrase - the mapping
just won't mount if the passphrase is wrong.

This alone is a good reason to use LUKS.  With this code and LUKS, if
the password is wrong, usplash (and cryptsetup underneath) will simply
hold and wait until the right password is entered or you run out of
tries - then the boot process resumes. Usplash is verbose while cryptsetup
is running.

With these revisions, askpass (the source of the security hole) is NOT
used and the passphrase is NOT echoed to the console (I checked).
Verified to work on Intel Atom and AMD Athlon 64 w/32-bit Ubuntu Jaunty,
earlier patch (posted above) also verified on 2 GHz 32-bit (old style) AMD
Athlon with Ubuntu Hardy. Either version of cryptsetup is fine with this
patch.

TODO: Find a way to force tries=1 for each call of cryptsetup, then loop
the script again so cryptsetup (and the Usplash prompts) are called once
each time for every try in "tries=" in /etc/crypttab.  This would make
the splash screen text responsive to a bad password instead of the user
having to know no response = bad passphrase. Still, usplash works, and the
passphrase doesn't get echoed to the console.

Anyway, here is the new code, straight out of /lib/cryptsetup on the
machine this is uploaded from.

** Attachment added: "Broader patch for secure Usplash passphrase entry for both LUKS and non-LUKS mappings"
   http://launchpadlibrarian.net/25171256/cryptdisks.functions

-- 
usplash prevents passwords from being not echoed on the console
https://bugs.launchpad.net/bugs/55159
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
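
The retry loop described in the TODO of the message above, sketched as an added example; it is not part of the original message, the attached cryptdisks.functions, or the cryptsetup package. The hooks get_passphrase, try_unlock and report are hypothetical names, stubbed with constructed values so the loop runs without usplash or cryptsetup.

```sh
#!/bin/sh
# Added example. get_passphrase, try_unlock and report are hypothetical hooks,
# stubbed with constructed values so the loop runs offline.

get_passphrase() {
    # Stub for the splash prompt: constructed answers for attempts 1..3.
    case "$1" in
        1) printf '%s' 'wrong-one' ;;
        2) printf '%s' 'wrong-two' ;;
        *) printf '%s' 'correct horse' ;;
    esac
}

try_unlock() {
    # Stub for a single unlock attempt that reads the passphrase on stdin
    # and fails on a wrong one, as the message describes for LUKS.
    IFS= read -r candidate || true   # input has no trailing newline
    [ "$candidate" = 'correct horse' ]
}

report() {
    # Stub for the splash-screen text: status only, never the passphrase.
    printf '%s\n' "$1" >&2
}

unlock_with_retries() {
    tries=$1
    attempt=1
    while [ "$attempt" -le "$tries" ]; do
        pass=$(get_passphrase "$attempt")
        # In dash and bash printf is a builtin, so the passphrase travels over
        # the pipe and never appears in a process argument list or on the console.
        if printf '%s' "$pass" | try_unlock; then
            unset pass
            report "Unlocked on attempt $attempt"
            return 0
        fi
        unset pass
        report "Bad passphrase (attempt $attempt of $tries)"
        attempt=$((attempt + 1))
    done
    return 1
}

unlock_with_retries 3
```

For a non-LUKS mapping, where the message notes that cryptsetup does not error out on a wrong passphrase, try_unlock would need its own check of the resulting mapping before returning success.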