Oh, man. Once the password is written to a file on a real disk
(/var/...), it should be considered compromised. Using shred or rm makes
no guarantee that the bytes are removed from the device. In particular,
it would be fairly trivial to do something like "grep 'merged config'
/dev/sda" and chances
Upstream fix: https://github.com/systemd/systemd/commit/83d4ab5533 (in
systemd-242).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1812316
Title:
systemd: lack of seat verification in PAM mo
