Unlocking the second crypto disk (/home) echoes password on console
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
plymouth (Ubuntu) | Fix Released | Undecided | Unassigned | |
Oneiric | Invalid | Undecided | Unassigned | |
Precise | Invalid | Undecided | Unassigned | |
Quantal | Fix Released | Undecided | Unassigned | |
upstart (Ubuntu) | Fix Released | High | James Hunt | |
Oneiric | Fix Released | High | Unassigned | |
Precise | Fix Released | High | James Hunt | |
Quantal | Fix Released | Undecided | Unassigned | |
Bug Description
[Impact]
This bug makes cryptsetup unusable in select configurations because passwords are exposed on the console.
[Development Fix]
Package will be copied to quantal when the archive opens.
[Test Case]
1. cat > /etc/init/
start on starting rc RUNLEVEL=[2345]
task
exec plymouth ask-for-password --prompt="Password prompt test: "
^D
2. echo FRAMEBUFFER=y > /etc/initramfs-
3. update-initramfs -u
4. boot without 'splash' on the kernel command line
5. type at the password prompt and confirm that the keypresses are shown.
6. hit enter to resume boot
7. install upstart from -proposed
8. reboot, again without 'splash' on the kernel command line
9. type at the password prompt again, to confirm that the keypresses are not shown.
10. rm /etc/init/
[Regression Potential]
In the event that an upstart job needs access to the console before plymouth has initialized the settings, the console will not be guaranteed to be in a correct state.
Boot
1.) Enter crypto phrase for /
2.) ... init things...
3.) Enter crypto phrase for /home
On the 3rd, the password is echoed as such; only after pressing Enter does it print the password again with stars.
Enter passphrase: ABCDEF ENTER
Enter passphrase: *******
Workaround: install the plymouth-
---
ApportVersion: 1.23-0ubuntu3
Architecture: i386
DistroRelease: Ubuntu 11.10
Package: cryptsetup 2:1.1.3-4ubuntu2
PackageArchitec
ProcEnviron:
SHELL=/bin/bash
PATH=(custom, no user)
LANG=en_US.UTF-8
LANGUAGE=en_US:en
ProcVersionSign
Tags: oneiric
Uname: Linux 3.0.0-12-generic i686
UpgradeStatus: Upgraded to oneiric on 2011-10-15 (5 days ago)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare usrp
crypttab:
vg_xiaoyu-
vg_xiaoyu-
vg_xiaoyu-
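The failure reported above comes down to the terminal's ECHO flag being on while a passphrase is typed. The following is an added example, not code from upstart, plymouth or cryptsetup: it shows that termios settings belong to the terminal device rather than to one file descriptor, so a prompt should verify that echo is off immediately before reading. The function names are hypothetical, and a Linux pseudo-terminal stands in for the console.

```c
/* Added example (constructed; not upstart or plymouth code). Linux-only. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <termios.h>
#include <unistd.h>

/* 1 if the tty echoes typed characters, 0 if not, -1 if fd is not a tty. */
int echo_enabled(int fd) {
    struct termios t;
    if (tcgetattr(fd, &t) < 0) return -1;
    return (t.c_lflag & ECHO) ? 1 : 0;
}

/* Set or clear ECHO, then read the flags back: tcsetattr() can return
 * success when only part of the request was applied. */
int set_echo(int fd, int on) {
    struct termios t;
    if (tcgetattr(fd, &t) < 0) return -1;
    if (on) t.c_lflag |= ECHO; else t.c_lflag &= ~(tcflag_t)ECHO;
    if (tcsetattr(fd, TCSAFLUSH, &t) < 0) return -1;
    return echo_enabled(fd) == (on ? 1 : 0) ? 0 : -1;
}

/* Hypothetical guard: a passphrase prompt may read only when echo is
 * verifiably off. Fails closed for errors and non-tty descriptors. */
int safe_to_prompt(int fd) { return echo_enabled(fd) == 0; }

/* Stand-in console: allocate a pseudo-terminal, write its slave path to
 * `path`, return an open slave fd (-1 on failure). The master is left open
 * on purpose, because closing it would hang up the slave. */
int open_test_tty(char *path, size_t len) {
    int master = open("/dev/ptmx", O_RDWR | O_NOCTTY), unlock = 0;
    unsigned int n;
    if (master < 0 || ioctl(master, TIOCSPTLCK, &unlock) < 0 ||
        ioctl(master, TIOCGPTN, &n) < 0) return -1;
    snprintf(path, len, "/dev/pts/%u", n);
    return open(path, O_RDWR | O_NOCTTY);
}

int main(void) {
    char path[32];
    int prompt = open_test_tty(path, sizeof path);   /* the prompt's fd */
    int other = open(path, O_RDWR | O_NOCTTY);       /* another process's fd */
    if (prompt < 0 || other < 0) return 1;
    set_echo(prompt, 0);
    printf("after prompt setup: safe=%d\n", safe_to_prompt(prompt));
    set_echo(other, 1);  /* simulated console reset through a different fd */
    printf("after reset:        safe=%d\n", safe_to_prompt(prompt));
    return 0;
}
```

The second `set_echo` call is a constructed stand-in for any other process that rewrites the console settings after the prompt has configured them.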
Related branches
- James Hunt (community): Approve
- Diff: 45 lines (+8/-13), 2 files modified
  - debian/changelog (+4/-0)
  - init/main.c (+4/-13)
Changed in cryptsetup (Ubuntu):
status: Incomplete → New
security vulnerability: no → yes
affects: cryptsetup (Ubuntu) → plymouth (Ubuntu)
Changed in plymouth (Ubuntu Oneiric):
status: New → Confirmed
Changed in upstart (Ubuntu Oneiric):
status: New → Confirmed
Changed in plymouth (Ubuntu Precise):
assignee: nobody → Canonical Security Team (canonical-security)
assignee: Canonical Security Team (canonical-security) → nobody
Changed in upstart (Ubuntu Precise):
assignee: James Hunt (jamesodhunt) → Stéphane Graber (stgraber)
Changed in upstart (Ubuntu Oneiric):
importance: Undecided → Medium
importance: Medium → High
Changed in upstart (Ubuntu Precise):
assignee: Stéphane Graber (stgraber) → Adam Conrad (adconrad)
tags: added: css-sponsored-p
tags: added: rls-mgr-p-tracking
Changed in upstart (Ubuntu Precise):
milestone: none → ubuntu-12.04.1
tags: added: rls-p-tracking
Changed in upstart (Ubuntu Precise):
assignee: Adam Conrad (adconrad) → James Hunt (jamesodhunt)
description: updated
Changed in plymouth (Ubuntu Oneiric):
status: Confirmed → Invalid
Changed in plymouth (Ubuntu Precise):
status: Confirmed → Invalid
Changed in plymouth (Ubuntu Quantal):
status: New → Triaged
tags: added: verification-done; removed: verification-needed
Assigning to cryptsetup for now