This issue does appear to have been exposed by a change to Upstart:
Upstart now resets the terminal attributes for /dev/console to ensure a
sane environment for Upstart itself to operate in. It does this (and
*should* do this) since it cannot know what state the initramfs left the
console in (in fact consider the scenario if there *is* no initramfs on
systems like ARM).
However, in resetting the console, Upstart has exposed a bug in Plymouth
which is only disabling echoing once (when it first opens a terminal
device).
Here is what's happening for the crypto scenario:
1) plymouthd is started from the initramfs.
2) plymouthd opens /dev/console and puts the terminal into "raw" (no-echo) mode
such that if passwords are prompted for, they will not be displayed.
3) The passphrase for the (1st) root partition is prompted for by the plymouth
client. Crucially, this happens from the initramfs. This correctly obscures the
entered passphrase and displays asterisks as the user types both in graphical
and text mode (using the plymouth "details" plugin).
4) The initramfs finishes executing and hands control to Upstart.
5) Upstart resets the terminal attributes on /dev/console since it is not aware
plymouthd is connected to it too, but unfortunately, plymouthd is not aware of
Upstart resetting the attributes and still believes (incorrectly) that echoing
is disabled.
6) The passphrase for further crypto volumes is now prompted for, but this time
from Upstart jobs
(/etc/init/cryptdisks-enable.conf, /etc/init/cryptdisks-udev.conf). The
user is prompted to enter further passphrases which are now echoed to the
terminal due to the reset performed by Upstart.
The real problem here is plymouth: when prompting for a password, it is
unsafe to assume the terminal it is connected to is still in the state
it was put into when the device was first opened. The fix is to set the
terminal to raw mode immediately prior to prompting for any password. I
will send a fix to Plymouth upstream to accomplish this.
A temporary workaround to the problem would be to modify the Upstart
jobs /etc/init/cryptdisks-enable.conf and/etc/init/cryptdisks-udev.conf
to manually disable then re-enable terminal echoing. Something like
this:
script
stty -echo -icanon
# << main part of scripts >>
stty echo icanon
end script
** Changed in: upstart (Ubuntu Precise)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/876626
Title:
Unlocking the second crypto disk (/home) echos password on console
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/876626/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
