root password visible at emergency console

Bug #104602 reported by Jonathan Musther on 2007-04-08
This bug affects 2 people
Affects: sysvinit (Ubuntu)
Importance: Medium
Assigned to: Unassigned

Bug Description

If boot fails (for example, e2fsck can't deal with a partition), the user is given the option to continue by pressing Control+D, or to enter the root password for an emergency console. If the password is entered, it is visible, i.e. it is not starred or blocked out, or simply invisible as usual.

Ubuntu 7.04 latest updates.

Brian Murray (brian-murray) wrote :

This is true; however, you have to have changed the root password to something. By default the root user has no password so would be auto logged in.

Brian Murray (brian-murray) wrote :

Interestingly, when you boot into recovery mode and enter the root password nothing is shown. I believe the emergency console should behave the same way.

Martin Pitt (pitti) wrote :

Tentatively a sulogin problem when running under upstart; I'll take a peek at this.

Martin Pitt (pitti) wrote :

Confirmed. It only happens when booting with usplash (that's why it does not happen when you boot rescue mode). To reproduce it, it is enough to enable SULOGIN in /etc/default/rcS and boot with splash enabled.

Martin Pitt (pitti) wrote :

For the record, all the tcsetattr() flags are exactly the same when booting with or without usplash.

Martin Pitt (pitti) wrote :

<mjg59> Does it happen if you boot with vga=791?
<pitti> let me try
<pitti> yes, it does
<mjg59> Ok. So it's somewhere in the core code
<mjg59> Not svgalib
<mjg59> That makes life easier

Martin Pitt (pitti) wrote :

Bug 58503 might be related, this needs to be checked.

Martin Pitt (pitti) wrote :

This seems to have been fixed with all the usplash fixes that went into Hardy. I also just verified that it did not get unfixed again with the usplash fsck fixes I did for bug 209416.

Changed in sysvinit:
status: In Progress → Fix Released

Martin Pitt (pitti) wrote :

Whoops, sorry. While it does work correctly now with fsck, it still happens when enabling SULOGIN in /etc/default/rcS. This is a less concerning issue, though.

Changed in sysvinit:
importance: Undecided → Medium
milestone: ubuntu-7.04 → none
status: Fix Released → Confirmed

Geoffrey Thomas (geofft) wrote :

Still an issue on my Intrepid laptop, when enabling SULOGIN in /etc/default/rcS. Which "usplash fixes that ... went into Hardy" fixed this? Presumably, we need to move that code to just before sulogin runs, instead of merely before fsck runs?

Kees Cook (kees) wrote :

Martin, this is a really odd bug. lsof on the sulogin shell shows it has /dev/console open, but it's a deleted file. I suspect that either usplash or upstart is closing /dev/tty8 after sulogin has started, and resetting the tc flags. I suspect this may also be causing bug 55159.
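
The suspicion in the comment above rests on terminal settings belonging to the terminal device rather than to one file descriptor. The following added example (not part of the bug report, and not code from sulogin, usplash or upstart) shows that behaviour on a scratch Linux pseudo-terminal: echo disabled through one descriptor is back on once a second opener of the same terminal re-enables it. All function names are hypothetical.

```c
/* Added illustration, not sulogin's code; Linux pty ioctls, hypothetical names. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <termios.h>
#include <unistd.h>

/* Open the slave side of a pty master (a scratch stand-in for the console). */
static int open_slave(int master) {
    char path[32];
    unsigned int n = 0;
    if (ioctl(master, TIOCGPTN, &n) < 0) return -1;
    snprintf(path, sizeof path, "/dev/pts/%u", n);
    return open(path, O_RDWR | O_NOCTTY);
}

/* 1 if ECHO is set on the terminal behind fd, 0 if clear, -1 on error. */
static int echo_is_on(int fd) {
    struct termios t;
    return tcgetattr(fd, &t) < 0 ? -1 : (t.c_lflag & ECHO) != 0;
}

/* tcsetattr() succeeds if any change was applied, so read the flags back. */
static int set_echo(int fd, int on) {
    struct termios t;
    if (tcgetattr(fd, &t) < 0) return -1;
    if (on) t.c_lflag |= ECHO; else t.c_lflag &= ~(tcflag_t)ECHO;
    if (tcsetattr(fd, TCSANOW, &t) < 0) return -1;
    return echo_is_on(fd) == (on != 0) ? 0 : -1;
}

/* ECHO as seen through the prompt's descriptor after a second opener of the
 * same terminal switched it back on (-1 if no scratch pty is available). */
static int echo_after_foreign_reset(void) {
    int unlock = 0, seen = -1;
    int master = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (master < 0) return -1;
    ioctl(master, TIOCSPTLCK, &unlock);   /* if this fails, open_slave() fails */
    int prompt_fd = open_slave(master);   /* stands in for sulogin */
    int other_fd = open_slave(master);    /* stands in for another process */
    if (prompt_fd >= 0 && other_fd >= 0 &&
        set_echo(prompt_fd, 0) == 0 && set_echo(other_fd, 1) == 0)
        seen = echo_is_on(prompt_fd);
    if (other_fd >= 0) close(other_fd);
    if (prompt_fd >= 0) close(prompt_fd);
    close(master);
    return seen;
}

int main(void) { return echo_after_foreign_reset() == 1 ? 0 : 1; }
```

A password prompt can use the same read-back check immediately before reading input and refuse to continue if ECHO is set again.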

Martin Pitt (pitti) on 2009-04-16
Changed in sysvinit (Ubuntu):
assignee: Martin Pitt (pitti) → nobody
status: Confirmed → Triaged
This report contains Public Security information
Everyone can see this security related information.