[pkg-cryptsetup-devel] Bug#1061592: cryptsetup: Password prompt during boot echoes characters to the screen in plaintext
Francois Marier
francois at debian.org
Sat Jan 27 00:34:57 GMT 2024
Package: cryptsetup
Version: 2:2.6.1-6+b1
Severity: normal
On my machine, if I ESC out of the plymouth password prompt (which does hide
the characters I type), I get the a text-mode prompt ("Please unlock disk
nvme0n1p4_crypt") which echoes to the screen the characters I type. Then it
repeats the prompt with asterisks. So it looks like this:
Please unlock disk nvme0n1p4_crypt: SooperSekretPassword1!@
Please unlock disk nvme0n1p4_crypt: ***********************
which isn't great because anybody looking over my shoulder can see it, or
anybody who Ctrl+F1 into the console later on and then scrolls back up.
Francois
-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-6.6.13-amd64 root=UUID=4d44aae6-2235-47f2-9de5-595ed5cd4a4c ro rootflags=subvol=@rootfs mem_sleep_default=deep module_blacklist=hid_sensor_hub memtest=1 quiet splash
-- /etc/crypttab
nvme0n1p3_crypt /dev/nvme0n1p3 /dev/urandom cipher=aes-xts-plain64,size=256,swap,discard
nvme0n1p4_crypt UUID=29be86f7-f2fe-412f-afd8-5740f70f5a2e none luks,discard
-- /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# systemd generates mount units based on this file, see systemd.mount(5).
# Please run 'systemctl daemon-reload' after making changes here.
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/nvme0n1p4_crypt / btrfs noatime,nodiratime,subvol=@rootfs 0 0
# /boot was on /dev/nvme0n1p2 during installation
UUID=7543aee2-af70-44da-bae2-4f059801f08d /boot ext4 ro,noatime,nodiratime,nodev,nosuid,noexec 0 2
# /boot/efi was on /dev/nvme0n1p1 during installation
UUID=0B84-3C60 /boot/efi vfat ro,nodev,nosuid,noexec,umask=0077 0 1
/dev/mapper/nvme0n1p3_crypt none swap sw 0 0
# Harden pid directories from normal users
proc /proc proc hidepid=2 0 0
# Safe tmp directory
tmpfs /tmp tmpfs size=8G,noexec,nosuid,nodev 0 0
# Removable storage
/dev/sr0 /media/cdrom udf,iso9660 user,noauto,nodev,nosuid 0 0
/dev/sdb1 /media/usbdisk auto user,noauto,nodev,nosuid,noexec 0 0
-- lsmod
Module Size Used by
snd_seq_dummy 12288 0
snd_hrtimer 12288 1
snd_seq 114688 7 snd_seq_dummy
snd_seq_device 16384 1 snd_seq
nfnetlink_queue 32768 1
xt_comment 12288 0
xt_NFQUEUE 12288 1
xt_MASQUERADE 16384 2
xt_mark 12288 0
nft_chain_nat 12288 2
nf_nat 65536 2 nft_chain_nat,xt_MASQUERADE
tun 69632 2
ip6t_frag 16384 1
ip6t_REJECT 12288 2
nf_reject_ipv6 20480 1 ip6t_REJECT
xt_LOG 16384 2
nf_log_syslog 24576 2
ipt_REJECT 12288 1
nf_reject_ipv4 16384 1 ipt_REJECT
xt_tcpudp 16384 0
xt_conntrack 12288 4
nf_conntrack 212992 3 xt_conntrack,nf_nat,xt_MASQUERADE
nf_defrag_ipv6 24576 1 nf_conntrack
nf_defrag_ipv4 12288 1 nf_conntrack
nft_compat 20480 13
nf_tables 372736 479 nft_compat,nft_chain_nat
qrtr 57344 4
chaoskey 20480 0
sg 45056 0
uvcvideo 147456 0
videobuf2_vmalloc 20480 1 uvcvideo
uvc 12288 1 uvcvideo
videobuf2_memops 16384 1 videobuf2_vmalloc
videobuf2_v4l2 36864 1 uvcvideo
videodev 368640 2 videobuf2_v4l2,uvcvideo
videobuf2_common 77824 4 videobuf2_vmalloc,videobuf2_v4l2,uvcvideo,videobuf2_memops
mc 94208 4 videodev,videobuf2_v4l2,uvcvideo,videobuf2_common
binfmt_misc 28672 1
nls_ascii 12288 1
nls_cp437 16384 1
vfat 20480 1
fat 102400 1 vfat
snd_sof_pci_intel_tgl 12288 0
iwlmvm 589824 0
snd_sof_intel_hda_common 217088 1 snd_sof_pci_intel_tgl
soundwire_intel 73728 1 snd_sof_intel_hda_common
soundwire_generic_allocation 12288 1 soundwire_intel
snd_sof_intel_hda_mlink 40960 2 soundwire_intel,snd_sof_intel_hda_common
soundwire_cadence 45056 1 soundwire_intel
mac80211 1392640 1 iwlmvm
snd_sof_intel_hda 24576 1 snd_sof_intel_hda_common
snd_sof_pci 24576 2 snd_sof_intel_hda_common,snd_sof_pci_intel_tgl
snd_sof_xtensa_dsp 16384 1 snd_sof_intel_hda_common
snd_sof 360448 3 snd_sof_pci,snd_sof_intel_hda_common,snd_sof_intel_hda
ext4 1134592 1
snd_sof_utils 16384 1 snd_sof
snd_soc_hdac_hda 28672 1 snd_sof_intel_hda_common
snd_hda_codec_hdmi 90112 1
libarc4 12288 1 mac80211
snd_hda_ext_core 36864 4 snd_sof_intel_hda_common,snd_soc_hdac_hda,snd_sof_intel_hda_mlink,snd_sof_intel_hda
snd_soc_acpi_intel_match 98304 2 snd_sof_intel_hda_common,snd_sof_pci_intel_tgl
intel_uncore_frequency 12288 0
snd_soc_acpi 16384 2 snd_soc_acpi_intel_match,snd_sof_intel_hda_common
intel_uncore_frequency_common 16384 1 intel_uncore_frequency
x86_pkg_temp_thermal 16384 0
iwlwifi 544768 1 iwlmvm
snd_soc_core 434176 4 soundwire_intel,snd_sof,snd_sof_intel_hda_common,snd_soc_hdac_hda
crc16 12288 1 ext4
intel_powerclamp 16384 0
mbcache 16384 1 ext4
snd_hda_codec_idt 77824 1
coretemp 16384 0
jbd2 196608 1 ext4
snd_hda_codec_generic 114688 1 snd_hda_codec_idt
snd_compress 28672 1 snd_soc_core
kvm_intel 413696 0
ledtrig_audio 12288 1 snd_hda_codec_generic
snd_pcm_dmaengine 16384 1 snd_soc_core
soundwire_bus 114688 3 soundwire_intel,soundwire_generic_allocation,soundwire_cadence
cfg80211 1343488 3 iwlmvm,iwlwifi,mac80211
crc32c_generic 12288 0
snd_hda_intel 61440 1
kvm 1363968 1 kvm_intel
snd_intel_dspcfg 36864 3 snd_hda_intel,snd_sof,snd_sof_intel_hda_common
snd_intel_sdw_acpi 16384 2 snd_sof_intel_hda_common,snd_intel_dspcfg
snd_hda_codec 225280 6 snd_hda_codec_generic,snd_hda_codec_hdmi,snd_hda_intel,snd_soc_hdac_hda,snd_sof_intel_hda,snd_hda_codec_idt
snd_hda_core 147456 9 snd_hda_codec_generic,snd_hda_codec_hdmi,snd_hda_intel,snd_hda_ext_core,snd_hda_codec,snd_sof_intel_hda_common,snd_soc_hdac_hda,snd_sof_intel_hda,snd_hda_codec_idt
irqbypass 12288 1 kvm
mei_wdt 12288 0
mei_pxp 16384 0
mei_hdcp 28672 0
snd_hwdep 20480 1 snd_hda_codec
rapl 20480 0
processor_thermal_device_pci 12288 0
snd_pcm 192512 11 snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec,soundwire_intel,snd_sof,snd_sof_intel_hda_common,snd_compress,snd_soc_core,snd_sof_utils,snd_hda_core,snd_pcm_dmaengine
pmt_telemetry 12288 0
processor_thermal_device 20480 1 processor_thermal_device_pci
iTCO_wdt 12288 0
cros_usbpd_charger 20480 0
pmt_class 12288 1 pmt_telemetry
intel_rapl_msr 20480 0
ucsi_acpi 12288 0
intel_cstate 20480 0
intel_pmc_bxt 16384 1 iTCO_wdt
cros_usbpd_logger 16384 0
cros_usbpd_notify 20480 1 cros_usbpd_charger
cros_ec_sysfs 12288 0
cros_ec_chardev 12288 0
cros_ec_debugfs 12288 0
intel_uncore 258048 0
processor_thermal_rfim 28672 1 processor_thermal_device
snd_timer 53248 3 snd_seq,snd_hrtimer,snd_pcm
mei_me 57344 3
iTCO_vendor_support 12288 1 iTCO_wdt
typec_ucsi 61440 1 ucsi_acpi
processor_thermal_mbox 16384 2 processor_thermal_rfim,processor_thermal_device
snd 155648 17 snd_hda_codec_generic,snd_seq,snd_seq_device,snd_hda_codec_hdmi,snd_hwdep,snd_hda_intel,snd_hda_codec,snd_sof,snd_timer,snd_compress,snd_soc_core,snd_pcm,snd_hda_codec_idt
wmi_bmof 12288 0
rfkill 40960 2 iwlmvm,cfg80211
watchdog 49152 2 iTCO_wdt,mei_wdt
mei 184320 7 mei_wdt,mei_hdcp,mei_pxp,mei_me
processor_thermal_rapl 16384 1 processor_thermal_device
typec 110592 1 typec_ucsi
soundcore 16384 1 snd
intel_vsec 20480 0
intel_rapl_common 36864 2 intel_rapl_msr,processor_thermal_rapl
roles 16384 1 typec_ucsi
int3403_thermal 16384 0
int340x_thermal_zone 16384 2 int3403_thermal,processor_thermal_device
ac 16384 0
int3400_thermal 20480 0
acpi_thermal_rel 20480 1 int3400_thermal
intel_pmc_core 81920 0
joydev 24576 0
acpi_pad 184320 0
hid_multitouch 32768 0
serio_raw 16384 0
evdev 28672 28
msr 12288 0
parport_pc 40960 0
ppdev 24576 0
lp 20480 0
parport 81920 3 parport_pc,lp,ppdev
loop 36864 0
efi_pstore 12288 0
configfs 69632 1
nfnetlink 20480 5 nfnetlink_queue,nft_compat,nf_tables
efivarfs 24576 1
ip_tables 28672 0
x_tables 57344 12 xt_conntrack,nft_compat,xt_LOG,xt_tcpudp,xt_comment,ipt_REJECT,ip_tables,xt_MASQUERADE,ip6t_REJECT,ip6t_frag,xt_NFQUEUE,xt_mark
autofs4 57344 2
btrfs 2015232 1
xor 20480 1 btrfs
raid6_pq 122880 1 btrfs
libcrc32c 12288 4 nf_conntrack,nf_nat,btrfs,nf_tables
dm_crypt 61440 2
dm_mod 221184 6 dm_crypt
sd_mod 86016 0
usbhid 73728 0
r8153_ecm 12288 0
uas 32768 0
usb_storage 86016 1 uas
scsi_mod 331776 4 sd_mod,usb_storage,uas,sg
scsi_common 16384 5 scsi_mod,sd_mod,usb_storage,uas,sg
cdc_ncm 49152 0
cdc_ether 24576 2 r8153_ecm,cdc_ncm
usbnet 65536 3 r8153_ecm,cdc_ncm,cdc_ether
r8152 151552 1 r8153_ecm
mii 16384 2 usbnet,r8152
i915 3956736 15
crc32_pclmul 12288 0
crc32c_intel 16384 4
drm_buddy 20480 1 i915
nvme 57344 4
ghash_clmulni_intel 16384 0
i2c_algo_bit 12288 1 i915
nvme_core 196608 5 nvme
sha512_ssse3 53248 0
drm_display_helper 233472 1 i915
sha256_ssse3 32768 0
t10_pi 20480 2 sd_mod,nvme_core
cec 69632 2 drm_display_helper,i915
hid_generic 12288 0
sha1_ssse3 32768 0
rc_core 73728 2 cec
crc64_rocksoft_generic 12288 1
xhci_pci 24576 0
i2c_hid_acpi 12288 0
ttm 106496 1 i915
crc64_rocksoft 16384 1 t10_pi
i2c_hid 40960 1 i2c_hid_acpi
xhci_hcd 352256 1 xhci_pci
cros_ec_dev 12288 0
drm_kms_helper 270336 2 drm_display_helper,i915
crc_t10dif 16384 1 t10_pi
aesni_intel 360448 4
hid 176128 4 i2c_hid,usbhid,hid_multitouch,hid_generic
crct10dif_generic 12288 0
crct10dif_pclmul 12288 1
intel_lpss_pci 24576 0
cros_ec_lpcs 16384 0
crypto_simd 16384 1 aesni_intel
usbcore 405504 12 xhci_hcd,usbnet,usbhid,r8153_ecm,cdc_ncm,usb_storage,uvcvideo,xhci_pci,cdc_ether,uas,r8152,chaoskey
crc64 16384 2 crc64_rocksoft,crc64_rocksoft_generic
drm 806912 13 i2c_hid,drm_kms_helper,drm_display_helper,drm_buddy,i915,ttm
intel_lpss 16384 1 intel_lpss_pci
video 77824 1 i915
cros_ec 20480 1 cros_ec_lpcs
psmouse 208896 0
cryptd 28672 4 crypto_simd,ghash_clmulni_intel
crct10dif_common 12288 3 crct10dif_generic,crc_t10dif,crct10dif_pclmul
i2c_i801 36864 0
idma64 20480 0
i2c_smbus 16384 1 i2c_i801
usb_common 20480 4 xhci_hcd,usbcore,uvcvideo,typec_ucsi
battery 28672 0
button 24576 0
wmi 40960 2 video,wmi_bmof
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.6.13-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages cryptsetup depends on:
ii cryptsetup-bin 2:2.6.1-6+b1
ii debconf [debconf-2.0] 1.5.85
ii dmsetup 2:1.02.185-3
ii libc6 2.37-14
cryptsetup recommends no packages.
Versions of packages cryptsetup suggests:
ii cryptsetup-initramfs 2:2.6.1-6
ii dosfstools 4.2-1
pn keyutils <none>
ii liblocale-gettext-perl 1.07-6+b1
-- debconf information:
cryptsetup/prerm_active_mappings: true
More information about the pkg-cryptsetup-devel
mailing list