Bug 571846 - user password may end up in /var/log/messages
Status: RESOLVED FIXED
Product: gdm
Classification: Core
Component: general
Version: 2.20.x
Hardware/OS: Other All
Importance: Urgent critical
Target Milestone: ---
Assigned To: Brian Cameron
QA Contact: GDM maintainers
Depends on:
Blocks:
Reported: 2009-02-15 16:03 UTC by Antoine Jacoutot
Modified: 2010-07-02 18:59 UTC
See Also:
GNOME target: ---
GNOME version: 2.23/2.24

Attachments
updated patch (1.34 KB, patch), 2010-05-14 00:59 UTC, Brian Cameron

Description Antoine Jacoutot 2009-02-15 16:03:18 UTC
Hi.

I use x11vnc on my GNOME workstation so that I can access it the same way I would if I were in front of it. Today, I typed my password at the GDM login prompt but somehow, an extra character ended up in my password box and the following appeared in /var/log/messages:

Feb 15 16:14:54 foostation gdmlogin[20771]: WARNING: string not in proper utf8 encoding: "pwd@\M-C\240@\M-C\240"

In this case my password was "pwd@@".
This is a major security concern especially since /var/log/messages is readable by anyone!

This is under OpenBSD with GNOME-2.24.3 and GDM-2.20.9.
I mentioned x11vnc because I think it was the reason I was able to insert an improper encoding.

For now, I'm just using this to make sure my password does not end up in the logs...


--- common/gdm-common.c.orig    Sun Feb 15 16:49:17 2009
+++ common/gdm-common.c Sun Feb 15 16:49:58 2009
@@ -230,7 +230,7 @@ ve_locale_from_utf8 (const char *str)
        char *ret = g_locale_from_utf8 (str, -1, NULL, NULL, NULL);
 
        if (ret == NULL) {
-               g_warning ("string not in proper utf8 encoding: \"%s\"", str);
+               g_warning ("string not in proper utf8 encoding");
                return g_strdup (str);
        } else {
                return ret;
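Review bot: the replacement message on the `+` line still reads "string not in proper utf8 encoding", but g_locale_from_utf8() also returns NULL when the input is valid UTF-8 that the current locale charset cannot represent (the `\M-C\240` bytes quoted in the report are a valid two-byte sequence for U+00E0), so the warning misdescribes the failure for whoever reads the log; consider `g_warning ("could not convert string to locale encoding")` and, if a debugging hint is wanted, log only the byte length, never the content. The fallback `return g_strdup (str);` is unchanged, so the unconverted input still flows to the caller as before; that is fine here, but the other call sites of the same `g_warning (... \"%s\" ..., str)` pattern that comment 2 mentions in ve-misc.c need the same removal for this hunk to close the leak.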
Comment 1 Jasper Lievisse Adriaanse 2009-02-15 22:14:33 UTC
I can confirm this (security) issue, and the proposed patch was also committed into OpenBSD ports, fwiw.
Comment 2 Brian Cameron 2010-05-14 00:59:55 UTC
Created attachment 161016
updated patch

Actually I would recommend using this patch.  Note that ve-misc.c has 4 places where it can print out strings that are not in the proper encoding.  It is probably safest to just remove them all, especially since I don't think that the debug messages really add that much value anyway.
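The leak described in the report and in comment 2 comes from one habit: interpolating the untrusted input into a warning when a conversion fails. The following is an added example, not GDM's code and not using GLib, that reproduces the pre-fix pattern next to a hardened one in plain C. It assumes an ASCII "locale" as a stand-in for what g_locale_from_utf8() does in a C/POSIX locale, and the function names (locale_from_utf8_leaky, locale_from_utf8_safe, warning_echoes_input, first_unconvertible_offset) are the example's own. The sample input is constructed to have the shape of the password in the report: "pwd@" plus the \M-C\240 (U+00E0) bytes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode one UTF-8 sequence at s (n bytes available). Returns its length
 * (1..4) with the code point in *cp, or 0 if the bytes are not well-formed
 * UTF-8 (bad lead/continuation byte, truncation, overlong, surrogate). */
static size_t utf8_decode(const unsigned char *s, size_t n, unsigned *cp)
{
    size_t len; unsigned min;
    if (n == 0) return 0;
    if (s[0] < 0x80) { *cp = s[0]; return 1; }
    if (s[0] >= 0xC2 && s[0] <= 0xDF) { len = 2; *cp = s[0] & 0x1F; min = 0x80; }
    else if (s[0] >= 0xE0 && s[0] <= 0xEF) { len = 3; *cp = s[0] & 0x0F; min = 0x800; }
    else if (s[0] >= 0xF0 && s[0] <= 0xF4) { len = 4; *cp = s[0] & 0x07; min = 0x10000; }
    else return 0;
    if (n < len) return 0;
    for (size_t i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        *cp = (*cp << 6) | (s[i] & 0x3F);
    }
    if (*cp < min || *cp > 0x10FFFF || (*cp >= 0xD800 && *cp <= 0xDFFF)) return 0;
    return len;
}

/* Stand-in for g_locale_from_utf8(): the locale is assumed to be ASCII, so
 * any non-ASCII character (e.g. U+00E0 from the report) fails, as it does in
 * a C/POSIX locale. Returns a malloc'd copy, or NULL with *failpos set to
 * the byte offset of the first sequence that could not be converted. */
static char *convert_to_ascii(const char *str, size_t *failpos)
{
    size_t n = strlen(str), i = 0, o = 0;
    char *out = malloc(n + 1);
    if (out == NULL) return NULL;
    while (i < n) {
        unsigned cp;
        size_t len = utf8_decode((const unsigned char *)str + i, n - i, &cp);
        if (len == 0 || cp > 0x7F) { free(out); *failpos = i; return NULL; }
        out[o++] = (char)cp;
        i += len;
    }
    out[o] = '\0';
    return out;
}

static char *dup_str(const char *s)
{
    char *d = malloc(strlen(s) + 1);
    if (d != NULL) strcpy(d, s);
    return d;
}

/* Byte offset of the first unconvertible sequence, or -1 if all converted. */
long first_unconvertible_offset(const char *str)
{
    size_t pos = 0;
    char *r = convert_to_ascii(str, &pos);
    if (r == NULL) return (long)pos;
    free(r);
    return -1;
}

/* Pre-fix pattern: the untrusted input is copied verbatim into the warning
 * text that would go to syslog. Mirrors the g_strdup(str) fallback. */
char *locale_from_utf8_leaky(const char *str, char *logbuf, size_t logsz)
{
    size_t pos;
    char *ret = convert_to_ascii(str, &pos);
    if (ret == NULL) {
        snprintf(logbuf, logsz, "WARNING: string not in proper utf8 encoding: \"%s\"", str);
        return dup_str(str);
    }
    logbuf[0] = '\0';
    return ret;
}

/* Hardened variant: the warning records that a conversion failed and where,
 * never the content, so a password with a stray non-ASCII character cannot
 * reach a world-readable log. */
char *locale_from_utf8_safe(const char *str, char *logbuf, size_t logsz)
{
    size_t pos;
    char *ret = convert_to_ascii(str, &pos);
    if (ret == NULL) {
        snprintf(logbuf, logsz, "WARNING: string could not be converted to the locale "
                 "encoding (%zu bytes, first unconvertible byte at offset %zu)",
                 strlen(str), pos);
        return dup_str(str);
    }
    logbuf[0] = '\0';
    return ret;
}

/* Check helper: 1 if the warning fn emits for input contains input verbatim. */
int warning_echoes_input(char *(*fn)(const char *, char *, size_t), const char *input)
{
    char logbuf[256];
    char *r = fn(input, logbuf, sizeof logbuf);
    int echoed = strstr(logbuf, input) != NULL;
    free(r);
    return echoed;
}

int main(void)
{
    /* Constructed: "pwd@" + U+00E0 + "@" + U+00E0, the \M-C\240 bytes. */
    const char secret[] = "pwd@\xC3\xA0@\xC3\xA0";
    char logbuf[256];
    char *r = locale_from_utf8_leaky(secret, logbuf, sizeof logbuf);
    printf("leaky: %s\n", logbuf);
    free(r);
    r = locale_from_utf8_safe(secret, logbuf, sizeof logbuf);
    printf("safe:  %s\n", logbuf);
    free(r);
    return 0;
}
```

The point of the safe variant is that a conversion failure is still observable (length and offset are enough to debug an encoding problem) without the log line ever carrying the bytes the user typed; the same discipline applies to any warning emitted on a code path that may handle credentials.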
Comment 3 Antoine Jacoutot 2010-05-14 06:20:58 UTC
I am all for it.
I've been running with my own patch for more than a year now and I haven't found any situation where I would miss the string prints.
Thanks for finally looking into this.
Comment 4 Antoine Jacoutot 2010-06-02 14:07:53 UTC
Hi Brian.

Any news regarding this?
Comment 5 Brian Cameron 2010-06-02 19:23:28 UTC
What news are you expecting?  Do you think there should be another GDM 2.20.x release with this patch?
Comment 6 Antoine Jacoutot 2010-06-02 21:43:26 UTC
Sure. Unless this bug is supposed to stay open forever.
IIRC versions > 2.20.x require the kit stuff (consolekit, policykit) so updating is a no go.
Comment 7 Brian Cameron 2010-06-03 18:42:06 UTC
Committed to 2.20 branch.