Bug#834367: systemctl daemon-reexec (as run on systemd upgrade) causes all keystrokes to go to text console in addition to X (including passwords)

2016-08-16 Thread Martin Pitt
Control: tag -1 pending

Felipe Sateler [2016-08-16 10:44 -0300]:
> This may be related to upstream issue
> https://github.com/systemd/systemd/issues/3842.
> 
> The linked commit there seems very relevant:
> "pid1: reconnect to the console before being re-executed" [1]. Could
> someone try to reproduce this with this patch reverted?

I did, and that indeed fixes it. Thanks for digging this out! Revert
pushed to packaging git. I suppose we should upload this ASAP?

Martin
-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)




2016-08-15 Thread Josh Triplett
On Mon, Aug 15, 2016 at 07:58:09PM +0200, Vincent Bernat wrote:
> ❦ 15 August 2016 00:53 CEST, Josh Triplett:
> 
> > [Severity and tag due to the likely possibility of exposing user
> > passwords this way.  If this occurs with the version in jessie as well,
> > it'll require a security update.]
> 
> I think this is fairly recent. I stumbled upon your bug report while
> searching why Alt + "left arrow" switched to another VT. It started to
> happen to me today. Therefore, I think this only happens with 231-2 but
> not with 231-1 (assuming this is the same cause).

I could reproduce it with both 231-1 and 231-2.  I suspect you started
seeing it when you upgraded from 231-1 to 231-2, causing a
daemon-reexec, and then Alt-Left went to the text console in addition to
X, causing it to change VTs.

I had a similar experience: hitting Ctrl-Alt-Del rebooted directly
rather than opening a GNOME dialog, because it went to the console.

- Josh Triplett




2016-08-15 Thread Vincent Bernat
❦ 15 August 2016 00:53 CEST, Josh Triplett:

> [Severity and tag due to the likely possibility of exposing user
> passwords this way.  If this occurs with the version in jessie as well,
> it'll require a security update.]

I think this is fairly recent. I stumbled upon your bug report while
searching why Alt + "left arrow" switched to another VT. It started to
happen to me today. Therefore, I think this only happens with 231-2 but
not with 231-1 (assuming this is the same cause).
-- 
Make it clear before you make it faster.
- The Elements of Programming Style (Kernighan & Plauger)





2016-08-14 Thread Josh Triplett
Package: systemd
Version: 231-2
Severity: critical
Tags: security

[Severity and tag due to the likely possibility of exposing user
passwords this way.  If this occurs with the version in jessie as well,
it'll require a security update.]

After running "systemctl daemon-reexec" from within an X session, all
keystrokes in the X session (including passwords) appear on the
underlying text console as well.  They show up during the shutdown
process, or any other time X stops.

Since systemd's postinst runs "systemctl daemon-reexec" on upgrades,
this would occur in any session after upgrading the systemd package.

I can reliably reproduce this, either by upgrading or downgrading the
systemd package, or by running "systemctl daemon-reexec" (as root).

This might potentially explain the mention in bug 819500 of seeing
usernames and passwords on the console, as well.  This would only happen
in a session after upgrading systemd or otherwise running "systemctl
daemon-reexec", which would explain not seeing it every time.

-- Package-specific info:

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-rc7-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  adduser          3.115
ii  libacl1          2.2.52-3
ii  libapparmor1     2.10.95-4
ii  libaudit1        1:2.6.5-1
ii  libblkid1        2.28-6
ii  libc6            2.23-4
ii  libcap2          1:2.25-1
ii  libcap2-bin      1:2.25-1
ii  libcryptsetup4   2:1.7.0-2
ii  libgcrypt20      1.7.2-2
ii  libgpg-error0    1.24-1
ii  libidn11         1.33-1
ii  libkmod2         22-1.1
ii  liblzma5         5.1.1alpha+20120614-2.1
ii  libmount1        2.28-6
ii  libpam0g         1.1.8-3.3
ii  libseccomp2      2.3.1-2
ii  libselinux1      2.5-3
ii  libsystemd0      231-2
ii  mount            2.28-6
ii  util-linux       2.28-6

Versions of packages systemd recommends:
ii  dbus            1.10.8-1
ii  libpam-systemd  231-2

Versions of packages systemd suggests:
ii  policykit-1        0.105-16
pn  systemd-container
pn  systemd-ui

Versions of packages systemd is related to:
ii  udev  231-2

-- no debconf information