[Bug 876626] Re: Unlocking the second crypto disk (/home) echos password on console

Launchpad Bug Tracker 876626 at bugs.launchpad.net
Fri May 4 23:36:21 UTC 2012 

This bug was fixed in the package upstart - 1.5-0ubuntu7

---------------
upstart (1.5-0ubuntu7) precise-proposed; urgency=low

  * Correct a build failure from the previous upload.

upstart (1.5-0ubuntu6) precise-proposed; urgency=low

  * debian/upstart.logrotate: don't create empty files after rotation;
    upstart will automatically create new log files for jobs as needed.
  * init/main.c: restore the fix for bug #540256; we know the console setup
    is taken care of by plymouth in Ubuntu, so upstart changing the console
    settings just makes trouble (such as turning echo back on when it
    shouldn't be).  LP: #876626.

  [ James Hunt ]
  * debian/upstart-job: Only attempt to handle disabled jobs if the running
    version of Upstart supports such a query (LP: #985755, #984474).
  * debian/manpages/upstart-events.7: Fixed typo and corrected reference to
    'kill signal' stanza.
 -- Steve Langasek <steve.langasek at ubuntu.com>   Thu, 26 Apr 2012 07:48:17 -0700

** Changed in: upstart (Ubuntu Quantal)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to plymouth in Ubuntu.
https://bugs.launchpad.net/bugs/876626

Title:
  Unlocking the second crypto disk (/home) echos password on console

Status in “plymouth” package in Ubuntu:
  Triaged
Status in “upstart” package in Ubuntu:
  Fix Released
Status in “plymouth” source package in Oneiric:
  Invalid
Status in “upstart” source package in Oneiric:
  Fix Committed
Status in “plymouth” source package in Precise:
  Invalid
Status in “upstart” source package in Precise:
  Fix Committed
Status in “plymouth” source package in Quantal:
  Triaged
Status in “upstart” source package in Quantal:
  Fix Released

Bug description:
  [Impact]
  This bug makes cryptsetup unusable in select configurations because passwords are exposed on the console.

  [Development Fix]
  Package will be copied to quantal when the archive opens.

  [Test Case]
   1. cat > /etc/init/plymouth-testing.conf
  start on starting rc RUNLEVEL=[2345]
  task
  exec plymouth ask-for-password --prompt="Password prompt test: "
  ^D
   2. echo FRAMEBUFFER=y > /etc/initramfs-tools/conf.d/plymouth-testing
   3. update-initramfs -u
   4. boot without 'splash' on the kernel commandline
   5. type at the password prompt and confirm that the keypresses are shown.
   6. hit enter to resume boot
   7. install upstart from -proposed
   8. reboot, again without 'splash' on the kernel commandline
   9. type at the password prompt again, to confirm that the keypresses are not shown.
  10. rm /etc/init/plymouth-testing.conf /etc/initramfs-tools/conf.d/plymouth-testing

  [Regression Potential]
  In the event that an upstart job needs access to the console before plymouth has initialized the settings, the console will not be guaranteed to be in a correct state.

  Boot

  1.) Enter crypto phrase for /
  2.) ... init things...
  3.) Enter crypto phrase for /home

  On 3rd the password is echoed as such, only after pressing enter it prints the passwords again with stars.
  Enter passphrase: ABCDEF ENTER
  Enter passphrase: *******

  Workaround:  install the plymouth-theme-ubuntu-logo package if not
  already installed, and boot with the 'splash' option

  ---
  ApportVersion: 1.23-0ubuntu3
  Architecture: i386
  DistroRelease: Ubuntu 11.10
  Package: cryptsetup 2:1.1.3-4ubuntu2
  PackageArchitecture: i386
  ProcEnviron:
   SHELL=/bin/bash
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   LANGUAGE=en_US:en
  ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
  Tags:  oneiric
  Uname: Linux 3.0.0-12-generic i686
  UpgradeStatus: Upgraded to oneiric on 2011-10-15 (5 days ago)
  UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare usrp
  crypttab:
   vg_xiaoyu-root_crypt UUID=8ef6fb8f-ada6-464c-8ba3-d3ceed02ccdd none luks
   vg_xiaoyu-home_crypt UUID=e0aa6c3d-21b1-4ae9-a0db-17b81f13a2cf none luks
   vg_xiaoyu-swap_crypt /dev/mapper/vg_xiaoyu-swap /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,swap

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/876626/+subscriptions

More information about the foundations-bugs mailing list