Unfortunately I can't reproduce this bug, even with the
0.9.3-1ubuntu7.18.04.1 version of plymouth installed, so I can't say for
sure that it's fixed with plymouth 0.9.3-1ubuntu7.18.04.2.
Also note that the [test case] in the description is wrong, that would
be correct with the systemd change made earlier, but that change was
reverted upstream and in ubuntu, so the test case steps aren't an
accurate indication that the bug is fixed or not.
Anyone on this bug able to reproduce the main problem, of key output
(e.g. passwords) being printed on the console and visible between login
sessions, and/or during shutdown? If not, I think we should consider
this bug fixed.
** Changed in: systemd (Ubuntu)
Status: Confirmed => Invalid
** Changed in: plymouth (Ubuntu)
Status: Invalid => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1803993
Title:
Password appears on the VT1 screen
Status in gdm3 package in Ubuntu:
Invalid
Status in plymouth package in Ubuntu:
Fix Released
Status in systemd package in Ubuntu:
Invalid
Bug description:
[Impact]
* The keyboard on the graphical login screen started on VT1 may stop
working and or keypresses including passwords are leaked to the
terminal console running 'behind' the graphical login screen or
environment.
[Test Case]
* Reboot after installing the fixed systemd package.
* Install sysdig
* Start sysdig on a remote connection or on a terminal console:
$ sudo sysdig evt.type=ioctl | grep request=4B4
* While sysdig is running log in and out 3 times in GDM and press a few keys
in the graphical session to see if keyboard still works
* Log in and out on an other terminal console, too, running a few commands
while being logged in to ensure that keyboard is working.
* Observe that on terminal consoles the monitored keyboard setter ioctl is
called with argument=3, but where the graphical screen is active only
argument=4 is used, unlike with the buggy version observed in
https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1803993/comments/14
[Regression Potential]
* The fix checks the current keyboard mode of the VT and allows only
safe mode switches. The potential regression could be not allowing a
valid mode switch keeping a keyboard in a non-operational mode.
Testing covers that by typing the keyboard.
(continued from bug 1767918)
This was found when an administrative error made /home directory
inaccessible. Any users that tried to login after that, were not able
to (which is expected) but their password appears on the VT1 screen.
Under normal circumstances, VT1 is not visible. But once the system
was sent into this compromised mode, one can press ctrl+alt+F1 and
then ctrl+alt+F2 and get a momentary glance at VT1. One can keep
toggling between these key combinations in order to make out the
password(s) on VT1.
As a further test, I wanted to see if a non-super user could cause
this condition, and it is in fact possible. As a regular user, I made
their own home directory not writable and then removed ~/.config and
logged out. Then logged in as that user again, and although that user
can't login the system does go into that mode where passwords appear
on VT1 and are viewable with the key combinations mentioned herein.
Further, any other users that login will see no problem, but when they
logon their passwords also appear on VT1 and are viewable.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: gdm3 3.28.3-0ubuntu18.04.3
Uname: Linux 4.19.2-041902-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Mon Nov 19 08:32:59 2018
InstallationDate: Installed on 2018-08-25 (85 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1803993/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
