[Bug 1942003] [NEW] Partial interactive password read on Focal

2021-08-29 Thread Aaron Thompson
Public bug reported:

Upstream bug: https://gitlab.com/cryptsetup/cryptsetup/-/issues/627

This is a latent bug in cryptsetup versions before 2.3.5 that surfaced
due to a change in the behavior of the kernel's TTY driver. The bug was
not triggered on Focal's 5.8 kernels, but it is on the 5.11 kernel that
was recently released, so this bug is now occurring on up-to-date Focal
systems.

This bug only occurs, at least in my testing, for interactively-entered
passphrases with lengths that are a multiple of 64. In that case,
cryptsetup reads one byte less than it should. (A test tool is
attached.) I would guess this bug won't be triggered for many people,
but for those who do happen to hit it, it's pretty bad. Volumes created
without the bug cannot be unlocked interactively with the bug.
cryptsetup will only read the passphrase correctly using a non-TTY stdin
or a key file. Also, volumes created interactively with the bug can be
unlocked without the bug, but only if the last byte of the passphrase is
omitted.

For example, on a current Focal host:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.3 LTS
Release:        20.04
Codename:       focal

$ uname -a
Linux ip-172-31-9-241 5.11.0-1016-aws #17~20.04.1-Ubuntu SMP Thu Aug 12 05:39:36 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

$ dpkg-query --no-pager -l cryptsetup-bin
ii  cryptsetup-bin 2:2.2.2-3ubuntu2.3 amd64 disk encryption support - command line tools

$ perl -pe chomp > test-passphrase
1234567891123456789212345678931234567894123456789512345678961234

$ wc test-passphrase 
 0  1 64 test-passphrase

$ dd if=/dev/zero of=test-block-dev bs=32M count=1
$ sudo cryptsetup luksFormat test-block-dev test-passphrase 

WARNING!

This will overwrite data on test-block-dev irrevocably.

Are you sure? (Type uppercase yes): YES

$ sudo cryptsetup --tries 1 open test-block-dev testing
Enter passphrase for test-block-dev: 
1234567891123456789212345678931234567894123456789512345678961234
No key available with this passphrase.

$ dd if=/dev/zero of=test-block-dev bs=32M count=1
$ sudo cryptsetup luksFormat test-block-dev

WARNING!

This will overwrite data on test-block-dev irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase for test-block-dev: 
1234567891123456789212345678931234567894123456789512345678961234
Verify passphrase: 
1234567891123456789212345678931234567894123456789512345678961234

$ sudo cryptsetup --key-file test-passphrase open test-block-dev testing
No key available with this passphrase.


In contrast, both of the cryptsetup open commands succeed if running on a 5.8 
kernel.

Fortunately the fix is straightforward so I hope we can get it released
to Focal. I'll send a merge request.

** Affects: cryptsetup (Ubuntu)
 Importance: Undecided
 Status: New

** Attachment added: "A test tool that shows what the buggy cryptsetup reads from a TTY"
   https://bugs.launchpad.net/bugs/1942003/+attachment/5521478/+files/tty-read-test.c

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1942003

Title:
  Partial interactive password read on Focal

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1942003/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
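
The off-by-one described in the report above, as an added example that is not part of the original report and is not cryptsetup's code or the attached test tool. It assumes the mechanism is that read() hands back the passphrase bytes without the terminating newline when the length is a multiple of 64 (the report states only the symptom), and simulates that with a datagram socketpair instead of a real TTY; all function names are hypothetical.

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* One read(), then drop the last byte on the assumption that it is '\n'. */
static ssize_t read_once_strip_last(int fd, char *buf, size_t maxlen)
{
	ssize_t n = read(fd, buf, maxlen);
	if (n > 0)
		buf[--n] = '\0';
	return n;
}

/* Read until newline, EOF or a full buffer; strip '\n' only if present. */
static ssize_t read_until_eol(int fd, char *buf, size_t maxlen)
{
	size_t used = 0;
	while (used < maxlen - 1) {
		ssize_t n = read(fd, buf + used, maxlen - 1 - used);
		if (n < 0)
			return -1;
		used += (size_t)n;
		if (n == 0 || buf[used - 1] == '\n')
			break;
	}
	if (used > 0 && buf[used - 1] == '\n')
		used--;
	buf[used] = '\0';
	return (ssize_t)used;
}

/* Constructed input: len 'x' bytes plus '\n', the newline in its own datagram
 * when len is a multiple of 64 (assumed model). Returns passphrase bytes kept. */
static ssize_t bytes_kept(size_t len, int use_loop)
{
	int sv[2];
	char line[257], out[512];
	ssize_t n = -1;
	size_t first = (len % 64 == 0) ? len : len + 1;
	if (len == 0 || len > 256 || socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0)
		return -1;
	memset(line, 'x', len);
	line[len] = '\n';
	if (write(sv[0], line, first) == (ssize_t)first &&
	    (first != len || write(sv[0], "\n", 1) == 1))
		n = use_loop ? read_until_eol(sv[1], out, sizeof(out))
			     : read_once_strip_last(sv[1], out, sizeof(out));
	close(sv[0]); close(sv[1]);
	return n;
}
```

With the single-read reader, bytes_kept(64, 0) comes back one byte short while bytes_kept(63, 0) is correct, which matches the pattern in the report; the looping reader returns the full length in both cases.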

[Bug 1926819] Re: Empty MOTD on up-to-date systems (includes fix)

2021-05-05 Thread Aaron Thompson
Thanks for the response Lucas. I would prefer to see something to the
effect that the system is up to date, because that at least tells me
that update-notifier-common is there and working. But if the decision is
to not write anything in that case, then I strongly agree with Daniel.
The 3 blank lines are really noticeable and they make it look like
something went wrong. It looks like something is supposed to be there
but isn't. IMO there should be 1 or 0 blank lines. Anything more and it
looks like a potential bug.

I would suggest that the tests from my patch (or similar) be added to
the codebase, updated with the intended output of course. Such tests
would make it clear that this change was intentional and not accidental.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1926819

Title:
  Empty MOTD on up-to-date systems (includes fix)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1926819/+subscriptions


[Bug 1926819] Re: Empty MOTD on up-to-date focal systems (includes fix)

2021-04-30 Thread Aaron Thompson
** Summary changed:

- Empty MOTD on update-to-date focal systems (includes fix)
+ Empty MOTD on up-to-date focal systems (includes fix)

** Summary changed:

- Empty MOTD on up-to-date focal systems (includes fix)
+ Empty MOTD on up-to-date systems (includes fix)


[Bug 1926819] [NEW] Empty MOTD on update-to-date focal systems (includes fix)

2021-04-30 Thread Aaron Thompson
Public bug reported:

Starting with update-notifier-common 3.192.30.7 (focal), my up-to-date
systems are showing this MOTD on login:

Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-72-generic x86_64)


user@host:~$


I've attached a patch that fixes this issue and adds more test cases.

** Affects: update-notifier (Ubuntu)
 Importance: Undecided
 Status: New

** Patch added: "0001-apt_check.py-Fix-empty-output-in-the-no-ESM-up-to-da.patch"
   https://bugs.launchpad.net/bugs/1926819/+attachment/5493997/+files/0001-apt_check.py-Fix-empty-output-in-the-no-ESM-up-to-da.patch
