[Bug 876626] Re: Unlocking the second crypto disk (/home) echos password on console

Steve Langasek steve.langasek at canonical.com
Tue Apr 24 01:05:00 UTC 2012 

Hi James,

On Mon, Apr 23, 2012 at 07:42:08PM -0000, James Hunt wrote:
> The real problem here is plymouth: when prompting for a password, it is
> unsafe to assume the terminal it is connected to is still in the state
> it was put into when the device was first opened. The fix is to set the
> terminal to raw mode immediately prior to prompting for any password. I
> will send a fix to Plymouth upstream to accomplish this.

I'm not convinced that we should consider this a plymouth bug.  I think
plymouth is right to assume that its console settings will remain
persistent, and it's upstart that's in the wrong here for changing the
settings out from underneath it.  Why does upstart care about the echo flag
at all?  Couldn't it simply read the existing echo flag value, and OR that
in with the rest of its preferred settings?

> A temporary workaround to the problem would be to modify the Upstart
> jobs /etc/init/cryptdisks-enable.conf and/etc/init/cryptdisks-udev.conf
> to manually disable then re-enable terminal echoing. Something like
> this:

> script

>     stty -echo -icanon

>     # << main part of scripts >>

>     stty echo icanon

> end script

I don't think the latter part is right, because plymouth is still running at
the end of the job and still owns the console, so its preferred console
settings should still apply.  (Which is part of why I think this is not a
plymouth bug.)  Also this job has no 'console' line, so the stty command
would have to have its stdin attached to the console somehow... so it's
really not worth trying to deploy a quick fix here.

Looking back at the upstart history, I see this:

revno: 1266
committer: Scott James Remnant <scott at netsplit.com>
branch nick: upstart
timestamp: Wed 2010-03-17 22:34:37 +0000
message:
  * init/main.c:
    - Don't change the settings of the foreground console, this is often
      owned by plymouth and not supposed to be in Canonical Mode; all other
      paths have stty sane settings anyway (which these are not), so there
      really isn't need for init to do this.  LP: #540256.

And I can't find anywhere in the history where this decision was consciously
reversed:  it appears to have been a casualty of the upstream 1.3 merge onto
the Ubuntu branch.

Please consider whether we should restore the pre-1.3 Ubuntu upstart
behavior of not changing the foreground console settings, and whether this
change should be included upstream - I don't know why Scott never made this
change upstream.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to plymouth in Ubuntu.
https://bugs.launchpad.net/bugs/876626

Title:
  Unlocking the second crypto disk (/home) echos password on console

Status in “plymouth” package in Ubuntu:
  Confirmed
Status in “upstart” package in Ubuntu:
  In Progress
Status in “plymouth” source package in Oneiric:
  Confirmed
Status in “upstart” source package in Oneiric:
  Confirmed
Status in “plymouth” source package in Precise:
  Confirmed
Status in “upstart” source package in Precise:
  In Progress

Bug description:
  Boot

  1.) Enter crypto phrase for /
  2.) ... init things...
  3.) Enter crypto phrase for /home

  On 3rd the password is echoed as such, only after pressing enter it prints the passwords again with stars.
  Enter passphrase: ABCDEF ENTER
  Enter passphrase: *******

  Workaround:  install the plymouth-theme-ubuntu-logo package if not
  already installed, and boot with the 'splash' option

  ---
  ApportVersion: 1.23-0ubuntu3
  Architecture: i386
  DistroRelease: Ubuntu 11.10
  Package: cryptsetup 2:1.1.3-4ubuntu2
  PackageArchitecture: i386
  ProcEnviron:
   SHELL=/bin/bash
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   LANGUAGE=en_US:en
  ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
  Tags:  oneiric
  Uname: Linux 3.0.0-12-generic i686
  UpgradeStatus: Upgraded to oneiric on 2011-10-15 (5 days ago)
  UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare usrp
  crypttab:
   vg_xiaoyu-root_crypt UUID=8ef6fb8f-ada6-464c-8ba3-d3ceed02ccdd none luks
   vg_xiaoyu-home_crypt UUID=e0aa6c3d-21b1-4ae9-a0db-17b81f13a2cf none luks
   vg_xiaoyu-swap_crypt /dev/mapper/vg_xiaoyu-swap /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,swap

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/876626/+subscriptions

More information about the foundations-bugs mailing list