Bug 21272
Summary: | Login password is shown in plaintext | ||
---|---|---|---|
Product: | IO/Storage | Reporter: | sworddragon2 |
Component: | Other | Assignee: | io_other |
Status: | CLOSED INVALID | ||
Severity: | normal | CC: | alan, Firestone |
Priority: | P1 | ||
Hardware: | All | ||
OS: | Linux | ||
Kernel Version: | 2.6.36-1 ubuntu x86_64 | Subsystem: | |
Regression: | No | Bisected commit-id: |
Description
sworddragon2
2010-10-27 15:59:10 UTC
I use laptop-mode on my laptop, which spins down the hd after so many minutes of inactivity. When I need to enter the password when this is the case, i.e. login or su, it reproduces the password echoing issue discussed here. After a few months of witnessing this, I have noticed that the initial command lets the hd spin up again, e.g. su, and that the moment between entering the echoless password and being able to safely enter it is equal to the spin up delay. When not using laptop-mode, this issue does not occur. The problem is not a bug of laptop-mode, as I read reports that it seems to occur with heavy load too. We therefore need a change in the way functions that require passwords are processed, e.g. some sort of symbol that prevents input echo on that terminal until the security kicks in. Note that this does not seem to be related to a certain kernel version, as I am on a rolling release(Arch). For completeness: Linux Host 2.6.35-ARCH #1 SMP PREEMPT i686 Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz GenuineIntel GNU/Linux Login/password is not a kernel bug but a userspace one in your distro Closing old forgotten bug therefore |