[Bug 876626] Re: Unlocking the second crypto disk (/home) echos password on console

James Hunt 876626 at bugs.launchpad.net
Mon Apr 23 19:42:08 UTC 2012 

This issue does appear to have been exposed by a change to Upstart:
Upstart now resets the terminal attributes for /dev/console to ensure a
sane environment for Upstart itself to operate in. It does this (and
*should* do this) since it cannot know what state the initramfs left the
console in (in fact consider the scenario if there *is* no initramfs on
systems like ARM).

However, in resetting the console, Upstart has exposed a bug in Plymouth
which is only disabling echoing once (when it first opens a terminal
device).

Here is what's happening for the crypto scenario:

1) plymouthd is started from the initramfs.
2) plymouthd opens /dev/console and puts the terminal into "raw" (no-echo) mode such that if passwords are prompted for, they will not be displayed.
3) The passphrase for the (1st) root partition is prompted for by the plymouth client. Crucially, this happens from the initramfs. This correctly obscures the entered passphrase and displays asterisks as the user types both in graphical and text mode (using the plymouth "details" plugin).
4) The initramfs finishes executing and hands control to Upstart.
5) Upstart resets the terminal attributes on /dev/console since it is not aware plymouthd is connected to it too, but unfortunately, plymouthd is not aware of Upstart resetting the attributes and still believes (incorrectly) that echoing is disabled.
6) The passphrase for further crypto volumes is now prompted for, but this time from Upstart jobs
    (/etc/init/cryptdisks-enable.conf, /etc/init/cryptdisks-udev.conf). The user is prompted to enter further passphrases which are now echoed to the terminal due to the reset performed by Upstart.

The real problem here is plymouth: when prompting for a password, it is
unsafe to assume the terminal it is connected to is still in the state
it was put into when the device was first opened. The fix is to set the
terminal to raw mode immediately prior to prompting for any password. I
will send a fix to Plymouth upstream to accomplish this.

A temporary workaround to the problem would be to modify the Upstart
jobs /etc/init/cryptdisks-enable.conf and/etc/init/cryptdisks-udev.conf
to manually disable then re-enable terminal echoing. Something like
this:

script

    stty -echo -icanon

    # << main part of scripts >>

    stty echo icanon

end script


** Changed in: upstart (Ubuntu Precise)
       Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to plymouth in Ubuntu.
https://bugs.launchpad.net/bugs/876626

Title:
  Unlocking the second crypto disk (/home) echos password on console

Status in “plymouth” package in Ubuntu:
  Confirmed
Status in “upstart” package in Ubuntu:
  In Progress
Status in “plymouth” source package in Oneiric:
  Confirmed
Status in “upstart” source package in Oneiric:
  Confirmed
Status in “plymouth” source package in Precise:
  Confirmed
Status in “upstart” source package in Precise:
  In Progress

Bug description:
  Boot

  1.) Enter crypto phrase for /
  2.) ... init things...
  3.) Enter crypto phrase for /home

  On 3rd the password is echoed as such, only after pressing enter it prints the passwords again with stars.
  Enter passphrase: ABCDEF ENTER
  Enter passphrase: *******

  Workaround:  install the plymouth-theme-ubuntu-logo package if not
  already installed, and boot with the 'splash' option

  ---
  ApportVersion: 1.23-0ubuntu3
  Architecture: i386
  DistroRelease: Ubuntu 11.10
  Package: cryptsetup 2:1.1.3-4ubuntu2
  PackageArchitecture: i386
  ProcEnviron:
   SHELL=/bin/bash
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   LANGUAGE=en_US:en
  ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
  Tags:  oneiric
  Uname: Linux 3.0.0-12-generic i686
  UpgradeStatus: Upgraded to oneiric on 2011-10-15 (5 days ago)
  UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare usrp
  crypttab:
   vg_xiaoyu-root_crypt UUID=8ef6fb8f-ada6-464c-8ba3-d3ceed02ccdd none luks
   vg_xiaoyu-home_crypt UUID=e0aa6c3d-21b1-4ae9-a0db-17b81f13a2cf none luks
   vg_xiaoyu-swap_crypt /dev/mapper/vg_xiaoyu-swap /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,swap

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/876626/+subscriptions

More information about the foundations-bugs mailing list