After switching users, I can see the passwords in /dev/tty1
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gdm3 (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Basically I installed ubuntu 18.04.1 LTS on an old machine (on a blank SSD), and when I just when had finished the configuration installing just a few apps, I thought I had seen the admin's user password during Power Off (in the boot text screen that blinks) - as it's an old computer I could see this text blinking.
I didn't even use this machine.
After some tests, I found out that after performing these steps:
- turning the machine on, logging into admin user
- logging off the admin user
- logging in a non admin user
- logging off the non admin user
- logging in back to the admin user
By running `sudo cat /dev/tty1` I could see everything which was typed in the login screen. And that is the content that appears during the power off text screen.
For more info, please see https:/
The steps I can remember while setting up this machine were:
- changing region to Portuguese (brazil) and configuring keyboard
- installing Gweled, Pitivi, VLC, Spotify and SuperTuxKart through 'Ubuntu Software'
- installing Google Chrome and Skype by downloading their deb packages from the official websites
- uninstalled Thunderbird
- updated everything
As you can see in the AskUbuntu question, I tried to simulate this by repeating these steps in a virtual machine, but was not able to reproduce it. One difference is that this is a HP Pavilion old laptop with all sorts of things on it, so many drivers may be needed which will not be present in the VM. I booted with 4.15.0-29-generic and it behaved the same. However, during the session booting with the 4.15.0.29 recovery mode, I could not detect that sympton!
Running:
sudo lsof /dev/tty1
prints two processes, systemd-l and gdm-wayla.
I installed again the same OS on a different machine and got all the updates installed - no external app installed this time. And I was able to reproduce the issue. I don't know why it doesn't happen in the VM, but it did happen on two different machines (on blank SSDs).
```
uname -a
Linux spider 4.15.0-45-generic #48-Ubuntu SMP Tue Jan 29 16:28:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
```
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: gnome-screensaver (not installed)
ProcVersionSign
Uname: Linux 4.15.0-45-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Sat Feb 2 13:38:45 2019
InstallationDate: Installed on 2019-01-30 (2 days ago)
InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
SourcePackage: gnome-screensaver
Symptom: security
Title: Screen locking issue
UpgradeStatus: No upgrade log present (probably fresh install)
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
information type: | Private Security → Public Security |
description: | updated |
Based on the 'lsof' command, I suspect the issue might be related to GDM. Well, certainly it's not related to the screensaver.