[Touch-packages] [Bug 1234983] Re: greeter pin stored in plain text with hidden demo greeter code

Mon, 13 Mar 2017 13:36:18 -0700 

** Changed in: unity8 (Ubuntu)
   Importance: Undecided => High

** Changed in: unity8 (Ubuntu)
     Assignee: (unassigned) => Michael Terry (mterry)

** No longer affects: unity8

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1234983

Title:
  greeter pin stored in plain text with hidden demo greeter code

Status in ubuntu-system-settings package in Ubuntu:
  Fix Released
Status in unity8 package in Ubuntu:
  Fix Released

Bug description:
  In previous images, there was a setting to setup a PIN or password for
  unlocking the greeter. This feature is no longer exposed in the user
  interface, so this is not a particularly important bug to fix and can
  likely just be closed when proper PAM support is used.

  Nevertheless:

  # cat /home/phablet/.unity8-greeter-demo
  [General]
  password=pin
  passwordValue=1234

  # ls -l /home/phablet/.unity8-greeter-demo
  -rw-r--r-- 1 phablet phablet 42 Sep 20 21:36 
/home/phablet/.unity8-greeter-demo

  If the demo code is going to be reintroduced into the user interface,
  it should not store the PIN/password in plain text because people may
  not realize it and store an important credential there. It could
  probably remain if both of these were done:

  1. the file is 'chmod 600'
  2. you used a proper hashing algorithm (see 'man crypt'-- ie, use SHA-512 
with a randomly generated salt when the password is set)

  If implementing the above, please contact the security team since we
  would want to review the implementation details.

  $ adb shell system-image-cli -i
  current build number: 78
  device name: mako
  channel: stable
  last update: 2013-10-03 13:05:32
  version version: 78
  version ubuntu: 20131003
  version device: 20131002.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-system-settings/+bug/1234983/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to