[opensuse-factory] Encripted partitions: no timeout.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, On 13.1 Beta 1, with an encripted partition, without plymouth, booting on text mode, when it asks for the password, if I do nothing it does not timeout and boot doesn't complete. Is this a new feature or a new bug? Compared with 12.3, same config, this does not happen (ie, prompt times out and booting proceeds). To me, this is a security problem. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJI1XEACgkQtTMYHG2NR9WKjQCfRae6YbCEz2HH6Cgq2ZahFmff uaEAniI/xk2KybBWxMZu3LU37HvODcoz =OQSm -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
В Mon, 30 Sep 2013 03:35:36 +0200 (CEST)
"Carlos E. R."
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
On 13.1 Beta 1, with an encripted partition, without plymouth, booting on text mode, when it asks for the password, if I do nothing it does not timeout and boot doesn't complete.
Is this a new feature or a new bug?
Compared with 12.3, same config, this does not happen (ie, prompt times out and booting proceeds).
Sounds like this commit.
commit 49714341c3f815118f8a51136aa9857bab7144c2
Author: Harald Hoyer
To me, this is a security problem.
It is certainly inconvenient when you have non-critical filesystem blocking boot, but what security threat is here? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJI4wAACgkQR6LMutpd94yatQCguL2j4pjx0iBRNlI//CAfb1Z6 +bYAnAlFAqSPtcnYK1K6dOAsfJoNscDj =b/+l -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2013-09-30 04:33, Andrey Borzenkov wrote:
It is certainly inconvenient when you have non-critical filesystem blocking boot, but what security threat is here?
That a casual onlooker sees there are encripted partitions. - -- Cheers / Saludos, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) - -- Cheers / Saludos, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJI5e0ACgkQtTMYHG2NR9WuhACglg4pB4vrFZmBgtho1E1HO4t9 vMAAn2301ofZdNnEOIXM4JTcV2hvKD7A =A2wo -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 2013-09-30 04:33, Andrey Borzenkov wrote:
It is certainly inconvenient when you have non-critical filesystem blocking boot, but what security threat is here?
Also [ENTER] does not continue, it asks again. At least 6 times. -- Cheers / Saludos, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2013-09-30 04:33, Andrey Borzenkov wrote:
Sounds like this commit.
Can the admin change that timeout? - -- Cheers / Saludos, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJI5qIACgkQtTMYHG2NR9W1jQCeLZc2ZorwNKmRt2grCmovyiTw 2ZAAn3hvUFkgfPR91LOoySBO5GZMT6Ma =PS1y -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
В Mon, 30 Sep 2013 04:49:06 +0200
"Carlos E. R."
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2013-09-30 04:33, Andrey Borzenkov wrote:
Sounds like this commit.
Can the admin change that timeout?
Sure. In /etc/crypttab :) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlJJqhoACgkQR6LMutpd94zohwCgv+5lQ1ac9I+4F1rc4OHDzQTt zbsAn1i/EG5pYFI0TQdz5YJbdl5WDRSw =rpjR -----END PGP SIGNATURE-----
participants (3)
-
Andrey Borzenkov
-
Carlos E. R.
-
Carlos E. R.