misc/161486: GELI password entry is too visible

Rob VanHooren robv at ieee.org
Tue Oct 11 10:40:06 UTC 2011 

>Number:         161486
>Category:       misc
>Synopsis:       GELI password entry is too visible
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 11 10:40:05 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Rob VanHooren
>Release:        8.2-STABLE
>Organization:
.
>Environment:
FreeBSD host 8.2-STABLE FreeBSD 8.2-STABLE #0: Mon Oct 10 11:51:15 EDT 2011     root at host:/usr/obj/usr/src/sys/HOST  amd64

>Description:
With enabled kern.geom.eli.visible_passphrase="1" to show GELI password, shows the plaintext password.

This knob is useful for debugging, however too insecure (esp. since the plaintext winds up in logs).

Should have an option to provide keystroke feedback, without entirely compromising the plaintext.


>How-To-Repeat:
with GELI entries, set kern.geom.eli.visible_passphrase=1 in loader.conf, reboot & observe keystroke feedback is plaintext.  Observe also the plaintext in dmesg.boot & /var/log/messages

>Fix:
The solution may be quite simple and I wonder why GELI developer didn't include it from the beginning.  

An knob enhancement which provides obsured keystroke feedback at GELI password entry can be achieved easily with just few lines listed below. 

--- sys/libkern/gets.c.orig 2011-04-14 22:04:25.234478722 +0200
+++ sys/libkern/gets.c 2011-04-14 22:04:32.606479912 +0200
@@ -54 +54,3 @@
- if (visible)
+ if (visible > 1)
+ printf("* \b");
+ else if (visible == 1)
@@ -63 +65,3 @@
- if (visible)
+ if (visible > 1)
+ printf("*");
+ else if (visible == 1)

Now in /boot/loader.conf

kern.geom.eli.visible_passphrase=2 (or any value greater than 1) echoes asterisks as keystroke feedback.

I use 8.2-STABLE kernel patched as above, and it seems nothing else is broken.

Note for fBSD9, gets.c structure is a bit different so the patch will need some tweaks to roll it forward from 8.2 into 9 & head.


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list