>Number:         161486
>Category:       misc
>Synopsis:       GELI password entry is too visible
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 11 10:40:05 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Rob VanHooren
>Release:        8.2-STABLE
>Organization:
.
>Environment:
FreeBSD host 8.2-STABLE FreeBSD 8.2-STABLE #0: Mon Oct 10 11:51:15 EDT 2011     
root@host:/usr/obj/usr/src/sys/HOST  amd64

>Description:
With kern.geom.eli.visible_passphrase="1" enabled to show the GELI password, the 
plaintext password is shown.

This knob is useful for debugging, however it is too insecure (esp. since the 
plaintext winds up in logs).

There should be an option to provide keystroke feedback without entirely 
compromising the plaintext.


>How-To-Repeat:
With GELI entries, set kern.geom.eli.visible_passphrase=1 in loader.conf, 
reboot & observe that the keystroke feedback is plaintext.  Observe also the 
plaintext in dmesg.boot & /var/log/messages.

>Fix:
The solution may be quite simple and I wonder why the GELI developer didn't 
include it from the beginning.

A knob enhancement which provides obscured keystroke feedback at GELI password 
entry can be achieved easily with just the few lines listed below.

--- sys/libkern/gets.c.orig 2011-04-14 22:04:25.234478722 +0200
+++ sys/libkern/gets.c 2011-04-14 22:04:32.606479912 +0200
@@ -54 +54,3 @@
- if (visible)
+ if (visible > 1)
+ printf("* \b");
+ else if (visible == 1)
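Review bot: this hunk carries no context lines (`@@ -54 +54,3 @@`), so `patch` can only place it by absolute line number and will silently land on the wrong statement in any gets.c whose numbering differs, which the note about FreeBSD 9 further down already anticipates; please regenerate with `diff -u` and its default three lines of context so the `if (visible)` being replaced appears together with the statement it guards. Because that guarded statement is not shown, a reviewer cannot tell which keystroke case this branch belongs to, yet its `printf("* \b")` differs from the `printf("*")` in the second hunk (it also overwrites the following screen cell with a space and moves the cursor back); state the intended terminal effect here, or use the same string in both places if no difference is intended.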
@@ -63 +65,3 @@
- if (visible)
+ if (visible > 1)
+ printf("*");
+ else if (visible == 1)
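Review bot: `else if (visible == 1)` preserves the plaintext echo for value 1, so every other non-zero value now prints an asterisk; that is a reasonable encoding, but the new meaning of the knob (0 off, 1 plaintext, >1 asterisks) is documented nowhere in the patch. The sysctl description for `kern.geom.eli.visible_passphrase` under sys/geom/eli and the geli(8) manual page should change in the same commit. Worth saying in the commit message as well: kernel printf() output is copied into the message buffer, which is how the plaintext reached dmesg.boot in the first place, so with value 2 the number of asterisks, i.e. the passphrase length, still ends up in dmesg.boot and /var/log/messages even though the characters themselves no longer do.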

Now in /boot/loader.conf

kern.geom.eli.visible_passphrase=2 (or any value greater than 1) echoes 
asterisks as keystroke feedback.

I use an 8.2-STABLE kernel patched as above, and it seems nothing else is broken.

Note for FreeBSD 9: the gets.c structure is a bit different, so the patch will 
need some tweaks to roll it forward from 8.2 into 9 & head.


>Release-Note:
>Audit-Trail:
>Unformatted:
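The echo modes the patch proposes for the kernel's gets() can be checked outside the kernel. The following is an added example written for this page, not FreeBSD's sys/libkern/gets.c and not the submitter's code: a user-space model in which the keystrokes come from a constructed byte string instead of cngetc(), and the console output is captured in a buffer instead of going through printf(). The function names masked_gets() and echo_put() are made up for the example. It shows the three values of the knob side by side (0 silent, 1 plaintext, >1 asterisks) and the one edge case a change to gets() must get right in every mode, erasing an echoed character on backspace.

```c
/*
 * Added example (not FreeBSD code): user-space model of the three echo modes
 * proposed for sys/libkern/gets.c.
 *
 *   visible == 0 : no feedback at all
 *   visible == 1 : plaintext echo (today's kern.geom.eli.visible_passphrase=1)
 *   visible  > 1 : one '*' per character (the proposed value 2)
 *
 * In the kernel the same bytes would be sent with printf() and therefore also
 * land in the message buffer; with asterisks only the count (the passphrase
 * length) is recorded there, not the characters.
 */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Append to the captured "console" output; stands in for printf(). */
static void echo_put(char *echo, size_t echo_size, const char *s)
{
    size_t len = strlen(echo);
    if (len + strlen(s) < echo_size)
        memcpy(echo + len, s, strlen(s) + 1);
}

/*
 * Consume keystrokes until '\n' or '\r' (or end of input). Stores the line in
 * cp, writes what would have been echoed into echo, and returns the number of
 * characters stored.
 */
size_t masked_gets(const char *keys, char *cp, size_t size, int visible,
                   char *echo, size_t echo_size)
{
    char *lp = cp, *end = cp + size - 1;
    echo[0] = '\0';

    for (; *keys != '\0'; keys++) {
        int c = (unsigned char)*keys & 0177;
        switch (c) {
        case '\n':
        case '\r':
            *lp = '\0';
            if (visible)
                echo_put(echo, echo_size, "\n");
            return (size_t)(lp - cp);
        case '\b':
        case '\177':            /* DEL */
            if (lp > cp) {
                if (visible)    /* same wipe sequence for plaintext and '*' */
                    echo_put(echo, echo_size, "\b \b");
                lp--;
            }
            continue;
        default:
            if (lp < end) {
                if (visible > 1) {
                    echo_put(echo, echo_size, "*");
                } else if (visible == 1) {
                    char one[2] = { (char)c, '\0' };
                    echo_put(echo, echo_size, one);
                }
                *lp++ = (char)c;
            }
        }
    }
    *lp = '\0';
    return (size_t)(lp - cp);
}

int main(void)
{
    /* Constructed keystroke stream: "secret" typed with one typo corrected. */
    const char keys[] = "secrte\b\bet\n";
    char buf[32], echo[64];
    int modes[] = { 0, 1, 2 };
    for (size_t i = 0; i < 3; i++) {
        size_t n = masked_gets(keys, buf, sizeof(buf), modes[i], echo, sizeof(echo));
        printf("visible=%d stored=\"%s\" (%zu chars) echoed=%zu bytes\n",
               modes[i], buf, n, strlen(echo));
    }
    return 0;
}
```

Running it shows that modes 1 and 2 emit the same number of console bytes for the same keystrokes, which is the length leak mentioned in the review notes above: asterisks hide the characters, not how many were typed.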