greeter pin stored in plain text with hidden demo greeter code
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ubuntu-system-settings (Ubuntu) | Fix Released | Undecided | Unassigned |
unity8 (Ubuntu) | Fix Released | High | Michael Terry |
Bug Description
In previous images, there was a setting to set up a PIN or password for unlocking the greeter. This feature is no longer exposed in the user interface, so this is not a particularly important bug to fix and can likely just be closed when proper PAM support is used.
Nevertheless:
```
# cat /home/phablet/
[General]
password=pin
passwordValue=1234
# ls -l /home/phablet/
-rw-r--r-- 1 phablet phablet 42 Sep 20 21:36 /home/phablet/
```
If the demo code is going to be reintroduced into the user interface, it should not store the PIN/password in plain text because people may not realize it and store an important credential there. It could probably remain if both of these were done:
1. the file is 'chmod 600'
2. you used a proper hashing algorithm (see 'man crypt', i.e. use SHA-512 with a randomly generated salt when the password is set)
If implementing the above, please contact the security team since we would want to review the implementation details.
```
$ adb shell system-image-cli -i
current build number: 78
device name: mako
channel: stable
last update: 2013-10-03 13:05:32
version version: 78
version ubuntu: 20131003
version device: 20131002.1
```
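As an added example (not code from the bug report or from ubuntu-system-settings), here is what the two conditions in the description look like in Python: the file is created with mode 0600 instead of being chmod'ed after the fact, and passwordValue holds a salted SHA-512-based hash rather than the PIN, with the legacy plaintext form rejected on verification. The report points at crypt(3)'s SHA-512 scheme; this example substitutes hashlib's PBKDF2-HMAC-SHA512 with a 16-byte random salt because Python's crypt module was removed in 3.13, and the file name lock.conf, the iteration count and the `$pbkdf2-sha512$...$...$...` storage format are assumptions.

```python
import configparser, hashlib, hmac, os, stat, tempfile

ITERATIONS = 210_000           # PBKDF2 work factor; constructed choice for this example
SCHEME = "pbkdf2-sha512"       # tag stored with the hash so the format is self-describing

def hash_pin(pin, salt=None):
    """Return '$scheme$iterations$salt$digest'; draws a fresh 16-byte salt unless given one."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha512", pin.encode("utf-8"), salt, ITERATIONS)
    return f"${SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_pin(pin, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    try:
        _, scheme, iters, salt_hex, digest_hex = stored.split("$")
        if scheme != SCHEME:
            return False
        salt, want = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        got = hashlib.pbkdf2_hmac("sha512", pin.encode("utf-8"), salt, int(iters))
    except ValueError:          # malformed or legacy plaintext entry such as 'passwordValue=1234'
        return False
    return hmac.compare_digest(got, want)

def write_lock_config(path, pin):
    """Write the [General] section with a hashed passwordValue, created 0600 (condition 1)."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str                      # keep the 'passwordValue' key capitalisation
    cfg["General"] = {"password": "pin", "passwordValue": hash_pin(pin)}
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)  # no 0644 window at creation
    with os.fdopen(fd, "w") as f:
        cfg.write(f)
    os.chmod(path, 0o600)                      # also tighten a file that already existed as 0644

def check_lock_config(path, pin):
    """Return (permission bits, whether pin matches the stored hash)."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str
    cfg.read(path)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode, verify_pin(pin, cfg["General"]["passwordValue"])

def demo(pin="1234", wrong="0000"):
    """Round trip in a temp dir; returns (mode, good_pin_accepted, wrong_pin_accepted)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "lock.conf")    # assumed name; the real path is cut off in the report
        write_lock_config(path, pin)
        mode, ok = check_lock_config(path, pin)
        _, bad = check_lock_config(path, wrong)
    return mode, ok, bad
```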
Related branches
First branch (reviews: Sebastien Bacher (community): Approve; PS Jenkins bot: Approve (continuous-integration); Seth Arnold (community): Approve)
Diff: 1661 lines (+1023/-361), 12 files modified:
- CMakeLists.txt (+1/-0)
- debian/control (+3/-2)
- plugins/security-privacy/CMakeLists.txt (+24/-5)
- plugins/security-privacy/LockSecurity.qml (+278/-277)
- plugins/security-privacy/PageComponent.qml (+24/-1)
- plugins/security-privacy/helper.cpp (+55/-0)
- plugins/security-privacy/polkitlistener.cpp (+247/-0)
- plugins/security-privacy/polkitlistener.h (+65/-0)
- plugins/security-privacy/securityprivacy.cpp (+285/-56)
- plugins/security-privacy/securityprivacy.h (+31/-11)
- src/accountsservice.cpp (+8/-7)
- src/accountsservice.h (+2/-2)
Second branch (reviews: PS Jenkins bot (community): Approve (continuous-integration); Albert Astals Cid (community): Abstain; Michał Sawicz: Approve; Seth Arnold (community): Approve; Marc Deslauriers: Pending requested)
Diff: 845 lines (+338/-75), 20 files modified:
- debian/control (+1/-0)
- plugins/AccountsService/AccountsService.cpp (+21/-1)
- plugins/AccountsService/AccountsService.h (+13/-0)
- plugins/AccountsService/plugin.cpp (+1/-0)
- plugins/LightDM/plugin.cpp (+2/-0)
- qml/Components/PassphraseLockscreen.qml (+3/-0)
- qml/Shell.qml (+27/-21)
- run.sh (+15/-6)
- tests/mocks/AccountsService/AccountsService.cpp (+12/-2)
- tests/mocks/AccountsService/AccountsService.h (+12/-0)
- tests/mocks/AccountsService/CMakeLists.txt (+4/-1)
- tests/mocks/AccountsService/plugin.cpp (+1/-0)
- tests/mocks/LightDM/GreeterPrivate.h (+2/-0)
- tests/mocks/LightDM/demo/CMakeLists.txt (+4/-2)
- tests/mocks/LightDM/demo/GreeterPrivate.cpp (+205/-33)
- tests/mocks/LightDM/demo/UsersModelPrivate.cpp (+1/-1)
- tests/mocks/LightDM/full/GreeterPrivate.cpp (+1/-1)
- tests/mocks/LightDM/single-pin/GreeterPrivate.cpp (+1/-1)
- tests/mocks/LightDM/single-pin/UsersModelPrivate.cpp (+1/-1)
- tests/qmltests/Greeter/tst_Lockscreen.qml (+11/-5)
information type: Private Security → Public Security
Changed in unity8:
  status: New → Triaged
  importance: Undecided → High
  assignee: nobody → Michael Terry (mterry)
Changed in unity8:
  status: Triaged → In Progress
Changed in unity8:
  status: In Progress → Fix Released
Changed in unity8 (Ubuntu):
  assignee: nobody → Michael Terry (mterry)
  importance: Undecided → High
no longer affects: unity8
Note that in current images, the user cannot graphically use that feature. It's not a documented feature at all.
The real fix is to just use PAM for post-v1.