Public bug reported:

Binary package hint: usplash

Since cryptsetup 2:1.0.6-6ubuntu1 (intrepid), cryptsetup now uses
usplash to ask for the passphrase. If you switch to console 1, and then
switch back to console 8, you'll see that your password was echoed in
the console, in plain text.

Prerequisites:
Having a configured cryptsetup with a LUKS partition on an up-to-date intrepid.

Steps to reproduce:
1. Reboot your computer
2. When asked by usplash, type your password, but don't press "enter" to validate your password.
3. Switch to tty 1 with CTRL + ALT + F1
4. Switch back to the usplash tty with CTRL + ALT + F8

Result:
The password is written in plain text in the console tty8.

Strangely, this bug can't be reproduced with the LVM cryptsetup installation
that comes with the hardy alternate install CD. "cryptroot", which is started
by initramfs, is almost identical to the init.d script.

1. The password never appears in the console.
2. Asterisks appear as you type the password, instead of appearing only once you have pressed "enter"

The fact that one is started inside initramfs and that the other one is
started during the init.d boot sequence seems to have an impact on this
bug.

** Affects: cryptsetup (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: usplash (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

  Binary package hint: usplash
  
  Since cryptsetup 2:1.0.6-6ubuntu1 (intrepid), cryptsetup now uses
  usplash to ask the passphrase. If you switch to console 1, and then
  switch back to console 8, you'll see that your password was echoed in
  the console, in plain text.
  
  Pre-requisites :
- Having a configured cryptsetup with a luks partition and applying the patch 
provided in bug 139363 to re-enable cryptsetup password through usplash.
+ Having a configured cryptsetup with a luks partition on a up-to-date intrepid.
  
  Steps to reproduce :
  1. Reboot your computer
  2. When asked by usplash, type your password, but don't press "enter" to 
validate your password.
  3. Switch to tty 1 with CTRL + ALT + F1
  4. Switch back to the usplash tty with CTRL + ALT + F8
  
  Result :
  The password is written in plain text in the console tty8.
  
  Strangely, this bug can't be reproduced with LVM cryptsetup installation
  that comes with hardy alternate install CD. "cryptroot" which is started
- by initramfs is almost identical to the patch in bug 139363 but the
- final result differ for two things :
+ by initramfs is almost identical to the init.d script.
  
  1. The password never appears in the console.
  2. asterisks appears as you type the password, instead of appearing only once 
you pressed "enter"
  
  The fact that one is started inside initramfs and that the other one is
  started during the init.d boot sequence seems to have an impact on this
  bug.

** Also affects: cryptsetup (Ubuntu)
   Importance: Undecided
       Status: New

-- 
usplash echoes cryptsetup passphrase in plain text in console
https://bugs.launchpad.net/bugs/263634