Password visible in systemd password prompt if user types too slow

Bug #1780506 reported by Jack Rosenthal
Affects: systemd (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

When systemd prompts for a password (for example, using systemctl without sudo and requiring authentication), it times out if the user does not type the password fast enough (after about 30 seconds or so).

This results in the password becoming visible on the next prompt from bash (or whatever shell was being used) as the password is left on standard input.

Perhaps this package should consume the input when timing out. Not sure if this is possible, but this is a security issue.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: systemd 229-4ubuntu21.2
ProcVersionSignature: Ubuntu 4.4.0-119.143-generic 4.4.114
Uname: Linux 4.4.0-119-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.18
Architecture: amd64
Date: Fri Jul 6 17:31:46 2018
InstallationDate: Installed on 2015-03-06 (1218 days ago)
InstallationMedia: Ubuntu-Server 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1)
MachineType: Dell Inc. PowerEdge R310
ProcEnviron:
 TERM=rxvt-unicode-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.4.0-119-generic root=/dev/mapper/hostname--vg-root ro
SourcePackage: systemd
UpgradeStatus: Upgraded to xenial on 2016-08-26 (679 days ago)
dmi.bios.date: 03/03/2011
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.6.4
dmi.board.name: 05XKKK
dmi.board.vendor: Dell Inc.
dmi.board.version: A02
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.6.4:bd03/03/2011:svnDellInc.:pnPowerEdgeR310:pvr:rvnDellInc.:rn05XKKK:rvrA02:cvnDellInc.:ct23:cvr:
dmi.product.name: PowerEdge R310
dmi.sys.vendor: Dell Inc.

Jack Rosenthal (jrosenth) wrote :
information type: Private Security → Public Security
Seth Arnold (seth-arnold) wrote :

Nice find. When I tested this, it also left the terminal echo off:

sarnold@hunt:/etc/apparmor.d$ systemctl daemon-reload
==== AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon ===
Authentication is required to reload the systemd state.
Authenticating as: Seth Arnold,,, (sarnold)
Password: Failed to reload daemon: Method call timed out
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
sarnold@hunt:/etc/apparmor.d$ STRENGEHEIM: command not found
...

Thanks
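
Added example, not part of this bug report and not systemd or polkit code: a prompt-side read in C that, on timeout, discards the typed-but-unread bytes with tcflush() and restores the saved terminal settings so echo is not left off. The function names, the 400 ms timeout and the password "hunter2" are constructed for illustration, and the pty setup is Linux-specific.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <termios.h>
#include <unistd.h>

/* Read one line from tty fd with echo off, waiting at most timeout_ms.
 * Returns the line length, or -1 on timeout. The saved termios is restored on
 * every path; with flush_on_timeout set, unread typed bytes are discarded. */
int read_secret(int fd, char *buf, size_t cap, int timeout_ms, int flush_on_timeout)
{
    struct termios saved, noecho;
    if (tcgetattr(fd, &saved) < 0) return -1;
    noecho = saved;
    noecho.c_lflag &= ~(tcflag_t)ECHO;
    tcsetattr(fd, TCSAFLUSH, &noecho);
    struct pollfd p = { .fd = fd, .events = POLLIN };
    ssize_t n = -1;
    if (poll(&p, 1, timeout_ms) > 0)
        n = read(fd, buf, cap - 1);
    else if (flush_on_timeout)
        tcflush(fd, TCIFLUSH);       /* drop the partially typed password */
    tcsetattr(fd, TCSANOW, &saved);  /* echo is back on for the next reader */
    buf[n > 0 ? n : 0] = '\0';
    return (int)n;
}

/* Constructed scenario on a Linux pty: a "user" types a password without Enter,
 * the prompt times out, then the next reader (the shell) reads a line.
 * Returns the number of password bytes that reader saw, -1 on setup error. */
int leaked_bytes_after_timeout(int flush_on_timeout)
{
    char buf[64], path[32];
    unsigned int ptn;
    int unlock = 0, m = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (m < 0 || ioctl(m, TIOCSPTLCK, &unlock) < 0) return -1;
    if (ioctl(m, TIOCGPTN, &ptn) < 0) return -1;
    snprintf(path, sizeof path, "/dev/pts/%u", ptn);
    int s = open(path, O_RDWR | O_NOCTTY);
    if (s < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) { poll(NULL, 0, 100); _exit(write(m, "hunter2", 7) != 7); }
    read_secret(s, buf, sizeof buf, 400, flush_on_timeout);
    waitpid(pid, NULL, 0);
    if (write(m, "\n", 1) != 1) return -1; /* Enter pressed at the shell prompt */
    ssize_t n = read(s, buf, sizeof buf);  /* the line the shell would execute */
    close(s); close(m);
    return (int)n - 1;
}
```

With flush_on_timeout set to 0 the next reader receives all seven password bytes, which is the behaviour reported above; with it set to 1 it receives only the newline.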

Marc Deslauriers (mdeslaur) wrote :

Hi! Have you reported this issue to the upstream systemd developers?
If not, could you please report it to them so that it can get fixed?

Thanks!

Changed in systemd (Ubuntu):
status: New → Confirmed
Dan Streetman (ddstreet) wrote :

Please reopen if this is still an issue.

Changed in systemd (Ubuntu):
status: Confirmed → Invalid
This report contains Public Security information  
Everyone can see this security related information.
