Ubuntu
upstart package

Bug #876626
Comment #33

Comment 33 for bug 876626

Revision history for this message

James Hunt (jamesodhunt) wrote on 2012-04-23:

#33

This issue does appear to have been exposed by a change to Upstart: Upstart now resets the terminal attributes for /dev/console to ensure a sane environment for Upstart itself to operate in. It does this (and *should* do this) since it cannot know what state the initramfs left the console in (in fact consider the scenario if there *is* no initramfs on systems like ARM).

However, in resetting the console, Upstart has exposed a bug in Plymouth which is only disabling echoing once (when it first opens a terminal device).

Here is what's happening for the crypto scenario:

1) plymouthd is started from the initramfs.
2) plymouthd opens /dev/console and puts the terminal into "raw" (no-echo) mode such that if passwords are prompted for, they will not be displayed.
3) The passphrase for the (1st) root partition is prompted for by the plymouth client. Crucially, this happens from the initramfs. This correctly obscures the entered passphrase and displays asterisks as the user types both in graphical and text mode (using the plymouth "details" plugin).
4) The initramfs finishes executing and hands control to Upstart.
5) Upstart resets the terminal attributes on /dev/console since it is not aware plymouthd is connected to it too, but unfortunately, plymouthd is not aware of Upstart resetting the attributes and still believes (incorrectly) that echoing is disabled.
6) The passphrase for further crypto volumes is now prompted for, but this time from Upstart jobs
(/etc/init/cryptdisks-enable.conf, /etc/init/cryptdisks-udev.conf). The user is prompted to enter further passphrases which are now echoed to the terminal due to the reset performed by Upstart.

The real problem here is plymouth: when prompting for a password, it is unsafe to assume the terminal it is connected to is still in the state it was put into when the device was first opened. The fix is to set the terminal to raw mode immediately prior to prompting for any password. I will send a fix to Plymouth upstream to accomplish this.

A temporary workaround to the problem would be to modify the Upstart jobs /etc/init/cryptdisks-enable.conf and/etc/init/cryptdisks-udev.conf to manually disable then re-enable terminal echoing. Something like this:

script

stty -echo -icanon

# << main part of scripts >>

stty echo icanon

end script

However, in resetting the console, Upstart has exposed a bug in Plymouth which is only disabling echoing once (when it first opens a terminal device).

Here is what's happening for the crypto scenario:

1) plymouthd is started from the initramfs.
2) plymouthd opens /dev/console and puts the terminal into "raw" (no-echo) mode such that if passwords are prompted for, they will not be displayed.
3) The passphrase for the (1st) root partition is prompted for by the plymouth client. Crucially, this happens from the initramfs. This correctly obscures the entered passphrase and displays asterisks as the user types both in graphical and text mode (using the plymouth "details" plugin).
4) The initramfs finishes executing and hands control to Upstart.
5) Upstart resets the terminal attributes on /dev/console since it is not aware plymouthd is connected to it too, but unfortunately, plymouthd is not aware of Upstart resetting the attributes and still believes (incorrectly) that echoing is disabled.
6) The passphrase for further crypto volumes is now prompted for, but this time from Upstart jobs
    (/etc/init/cryptdisks-enable.conf, /etc/init/cryptdisks-udev.conf). The user is prompted to enter further passphrases which are now echoed to the terminal due to the reset performed by Upstart.

script

stty -echo -icanon

# << main part of scripts >>

stty echo icanon

end script

Ubuntuupstart package

Comment 33 for bug 876626

Ubuntu
upstart package