[Bug 220665] New: unexpected behaviour when password for encrypted partition is too short
https://bugzilla.novell.com/show_bug.cgi?id=220665 Summary: unexpected behaviour when password for encrypted partition is too short Product: openSUSE 10.2 Version: Beta 2 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Update Problems AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: suse-beta@cboltz.de QAContact: jsrain@novell.com I discovered a strange and unexpected behaviour in the "mount encrypted partition" dialog when updating my system to 10.2 beta2. How to reproduce: - run update installation on a system with an encrypted partition (twofish256-encrypted, created with SUSE 9.3 or newer - losetup enforces at least 8 characters for the password in this case) - in the dialog asking for the mount password, enter a too short password (for example "abcd") in both input fields - click OK Expected result: - error popup saying "password too short" or "wrong password" Actual result: - no error popup - password input fields cleared silently No y2logs this time because it's quite obvious. If you really need them, just ask. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220665 mhorvath@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team- |jsuchome@novell.com |screening@forge.provo.novell| |.com | Severity|Normal |Major -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220665 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |suse-beta@cboltz.de ------- Comment #2 from jsuchome@novell.com 2006-11-16 00:36 MST ------- Yes, please attach the log files. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220665 suse-beta@cboltz.de changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|suse-beta@cboltz.de | ------- Comment #3 from suse-beta@cboltz.de 2006-11-16 04:57 MST ------- the y2logs are in attachment 105301 of bug 221071 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220665 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |INVALID ------- Comment #4 from jsuchome@novell.com 2006-11-16 06:10 MST ------- Hm, it looks like the code is correct: (log says) RootPart.ycp:610 crypt pwd ok:false This output should only appear if you've entered empty password or canceled (via "Skip" button) the password popup. Even the macro recorder says you've canceled the popup (see macro_inst_initial.ycp, line 222). Closing as invalid unless you can reproduce it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220665 suse-beta@cboltz.de changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | ------- Comment #5 from suse-beta@cboltz.de 2006-11-17 04:25 MST ------- I played a bit around with the dialog, therefore the log might be a bit confusing ;-) (yes, finally I clicked cancel) I just reproduced the bug. What I did: - boot the installation system - choose "update" - choose the partition to update - in the "mount encrypted partition" dialog a) enter "abcd" in both fields, press return b) enter "abcd" in both fields again, click OK in both cases the password fields were emptied without any error message - saved the y2logs (with the dialog still open) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220665 ------- Comment #6 from suse-beta@cboltz.de 2006-11-17 05:02 MST ------- Created an attachment (id=105968) --> (https://bugzilla.novell.com/attachment.cgi?id=105968&action=view) less confusing ;-) y2logs Argh - I still had ZYPP_FULLLOG in the boot options :-( I grep'ped -v "TagFileParser" to make the file smaller. (filename YaST2/y2log_without_TagFileParser instead of YaST2/y2log) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220665 ------- Comment #7 from jsuchome@novell.com 2006-11-20 06:36 MST ------- Oh, now I can see it - there is a check .. else if ( size(pw1) >= 5 ) { input_is_ok = true; } in custom_part_dialogs.ycp (starting at line 271). You are right, when password is shorter, pw fields are emptied and no error message is shown. I don't know why this limit is there. If it couldn't be removed, error popup is necessary, but it's too late for new texts now. I'm afraid we have to leave this for 10.2 the way it is. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220665 ------- Comment #8 from emap@novell.com 2006-11-20 06:49 MST ------- I agree, it's too late now to fix this. The bug is annoying of course, but doesn't justify adding the error pop-up this late in the release. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220665 ------- Comment #11 from suse-beta@cboltz.de 2006-11-20 18:05 MST ------- (In reply to comment #7)
I don't know why this limit is there. If it couldn't be removed, error popup is necessary, but it's too late for new texts now.
What about recycling the "wrong password, try again?" dialog I see when entering a long enough, but wrong password? In fact, a too short password is indeed a wrong password ;-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220665 ------- Comment #14 from jsuchome@novell.com 2006-11-21 03:48 MST ------- Created an attachment (id=106374) --> (https://bugzilla.novell.com/attachment.cgi?id=106374&action=view) proposed patch for /usr/share/YaST2/include/partitioning/custom_part_dialogs.ycp -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220665 ------- Comment #15 from jsuchome@novell.com 2006-11-21 04:05 MST ------- Fix submited in yast2-storage-2.14.18, Thomas, please adapt also SLES10-SP1 version later (leaving as open because of that). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220665 ------- Comment #17 from suse-beta@cboltz.de 2006-11-26 07:28 MST ------- VERIFIED for 10.2 RC1 (Factory from yesterday) - the error message is even translated :-) Thanks for fixing this! (and still leaving open for SLES) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220665 fehr@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED ------- Comment #18 from fehr@novell.com 2006-12-04 08:53 MST ------- Took you patch also into SLES10 SP1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220665 suse-beta@cboltz.de changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED ------- Comment #19 from suse-beta@cboltz.de 2006-12-04 11:34 MST ------- (In reply to comment #17)
VERIFIED for 10.2 RC1 (Factory from yesterday) - the error message is even translated :-)
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com