
Re: Thoughts about network-console



On Wednesday 04 August 2010, Thibaut Girka wrote:
> He starts the installation in front of the computer, sets a password,
> that happens to be his daily-use one.

That's not very smart, is it?

> Then, an untrustworthy colleague goes to the computer, and just
> reads /var/lib/cdebconf/questions.dat: installer's password is there,
> plain, clear text.

Did you actually check this? The password templates are of type 'password' 
and thus the value should be in /var/lib/cdebconf/passwords.dat (and thus 
encoded) instead of in plain text in questions.dat.

After testing I cannot find the password in questions.dat...

Also, if you look at the postinst script for network-console, you'll see 
that the template already *is* cleared after the password is asked.

The above is valid when the component is used interactively.

The only case in which AFAICT what you describe can be true is when the 
template is preseeded [1] while the network-console component is not yet 
loaded (because then the template could be created as a regular template 
instead of as a password one). As preseeding passwords in itself already 
lowers security, I don't really think this is an important bug.

Please verify that you really do see readable passwords and describe the 
exact scenario (architecture / image / installation method used) in which 
you do.

Cheers,
FJP

[1] Certainly when preseeded at the boot prompt and maybe also when 
preseeded using a preseed file. In the last case the template type
'password' can be specified, but I'm not 100% sure whether that is honored 
or not.
