Comment 6 for bug 55159

Saivann Carignan (oxmosys) wrote : Re: [edgy] usplash prevents passwords from being not echoed on the console

Daniel Hahler: I can reproduce this bug (which can be considered a security flaw) in Hardy and Intrepid. This bug can be reproduced under these conditions:

Prerequisites:
Having a configured cryptsetup with a luks partition and applying the patch provided in bug 139363 to re-enable cryptsetup password through usplash.

Steps to reproduce:
1. Reboot your computer
2. When asked by usplash, type your password, but don't press "enter" to validate your password.
3. Switch to tty 1 with CTRL + ALT + F1
4. Switch back to the usplash tty with CTRL + ALT + F8

Result:
The password is written in plain text in the console.

Strangely, this bug can't be reproduced with the LVM cryptsetup installation that comes with the Hardy alternate install CD. "cryptroot", which is started by initramfs, is almost identical to the patch in bug 139363, but the final result differs in two ways:

1. The password never appears in the console.
2. Asterisks appear as you type the password, instead of appearing only once you have pressed "enter".

The fact that one is started inside initramfs and that the other one is started during the init.d boot sequence seems to have an impact on this bug.