Bug#834367: systemctl daemon-reexec (as run on systemd upgrade) causes all keystrokes to go to text console in addition to X (including passwords)
Control: tag -1 pending Felipe Sateler [2016-08-16 10:44 -0300]: > This may be related to upstream issue > https://github.com/systemd/systemd/issues/3842. > > The linked commit there seems very relevant: > "pid1: reconnect to the console before being re-executed" [1]. Could > someone try to reproduce this with this patch reverted? I did, and that indeed fixes it. Thanks for digging this out! Revert pushed to packaging git. I suppose we should upload this ASAP? Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
Bug#834367: systemctl daemon-reexec (as run on systemd upgrade) causes all keystrokes to go to text console in addition to X (including passwords)
On Mon, Aug 15, 2016 at 07:58:09PM +0200, Vincent Bernat wrote: > ❦ 15 août 2016 00:53 CEST, Josh Triplett: > > > [Severity and tag due to the likely possibility of exposing user > > passwords this way. If this occurs with the version in jessie as well, > > it'll require a security update.] > > I think this is fairly recent. I stumbled upon your bug report while > searching why Alt + "left arrow" switched to another VT. It started to > happen to me today. Therefore, I think this only happens with 231-2 but > not with 231-1 (assuming this is the same cause). I could reproduce it with both 231-1 and 231-2. I suspect you started seeing it when you upgraded from 231-1 to 231-2, causing a daemon-reexec, and then Alt-Left went to the text console in addition to X, causing it to change VTs. I had a similar experience: hitting Ctrl-Alt-Del rebooted directly rather than opening a GNOME dialog, because it went to the console. - Josh Triplett
Bug#834367: systemctl daemon-reexec (as run on systemd upgrade) causes all keystrokes to go to text console in addition to X (including passwords)
❦ 15 août 2016 00:53 CEST, Josh Triplett: > [Severity and tag due to the likely possibility of exposing user > passwords this way. If this occurs with the version in jessie as well, > it'll require a security update.] I think this is fairly recent. I stumbled upon your bug report while searching why Alt + "left arrow" switched to another VT. It started to happen to me today. Therefore, I think this only happens with 231-2 but not with 231-1 (assuming this is the same cause). -- Make it clear before you make it faster. - The Elements of Programming Style (Kernighan & Plauger) signature.asc Description: PGP signature
Bug#834367: systemctl daemon-reexec (as run on systemd upgrade) causes all keystrokes to go to text console in addition to X (including passwords)
Package: systemd Version: 231-2 Severity: critical Tags: security [Severity and tag due to the likely possibility of exposing user passwords this way. If this occurs with the version in jessie as well, it'll require a security update.] After running "systemctl daemon-reexec" from within an X session, all keystrokes in the X session (including passwords) appear on the underlying text console as well. They show up during the shutdown process, or any other time X stops. Since systemd's postinst runs "systemctl daemon-reexec" on upgrades, this would occur in any session after upgrading the systemd package. I can reliably reproduce this, either by upgrading or downgrading the systemd package, or by running "systemctl daemon-reexec" (as root). This might potentially explain the mention in bug 819500 of seeing usernames and passwords on the console, as well. This would only happen in a session after upgrading systemd or otherwise running "systemctl daemon-reexec", which would explain not seeing it every time. -- Package-specific info: -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.7.0-rc7-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages systemd depends on: ii adduser 3.115 ii libacl1 2.2.52-3 ii libapparmor12.10.95-4 ii libaudit1 1:2.6.5-1 ii libblkid1 2.28-6 ii libc6 2.23-4 ii libcap2 1:2.25-1 ii libcap2-bin 1:2.25-1 ii libcryptsetup4 2:1.7.0-2 ii libgcrypt20 1.7.2-2 ii libgpg-error0 1.24-1 ii libidn111.33-1 ii libkmod222-1.1 ii liblzma55.1.1alpha+20120614-2.1 ii libmount1 2.28-6 ii libpam0g1.1.8-3.3 ii libseccomp2 2.3.1-2 ii libselinux1 2.5-3 ii libsystemd0 231-2 ii mount 2.28-6 ii util-linux 2.28-6 Versions of packages systemd recommends: ii dbus1.10.8-1 ii libpam-systemd 231-2 Versions of packages systemd suggests: ii policykit-10.105-16 pn systemd-container pn systemd-ui Versions of packages systemd is related to: ii udev 231-2 -- no debconf information