Password-related vulnerability with SDDM and Plasma Wayland session

Plasma Wayland opens on a different TTY than SDDM. If you use the Show Password button on SDDM and log in to Plasma Wayland, it is possible to switch back to the TTY containing SDDM and see the password in plain view. Even if the screen is locked, it is possible to view the password in SDDM. This could be an issue if a person locks their computer and walks away. Then an untrustworthy person can switch to the TTY containing SDDM, see the password, unlock their session, and have full root access if the user has sudo rights.

Edit: I filed a bug report on SDDM’s GitHub.


Can’t reproduce it. Tested on 3 installs. Care to give more context?
Do you have multiple users, one or more displays? Does it show on all or just one?


I have one display. One user account. Sddm runs on tty1. Plasma Wayland runs on tty2. If I have sddm show the password and then log in without hiding the password, I can switch back to tty1 and see my password, even when the plasma lock screen is visible.

I’m running Plasma Wayland. If I switch to TTY1, all I get is a black screen with my mouse cursor on it.


I can switch back and forth between my Plasma Wayland session and the SDDM screen. However my particular SDDM screen does not have the Show Password button.

On our SDDM theme, line 78 of the file Login.qml has revealPasswordButtonShown: true instead of revealPasswordButtonShown: false as in default Breeze. Either way, the OP is saying that the password remains in the password field as plain text, so that is what we try to establish. Like @Strit, I also get a black screen if I switch to TTY1 after logging in to a Wayland session, regardless of whether on a native install or a VM, so maybe that is why I can’t reproduce …

Did you create any specific config to have plasma on TTY2 - or is this default for Plasma?

The reason I am asking is because I use sddm (which defaults to TTY1) on my openbox installation but sddm is replaced by Openbox on login - so my desktop session runs on TTY1.

Doh :man_facepalming: forgot about the Wayland thing … I am using X

Only wayland defaults to TTY2 …


I’m not clear on the details, but I believe this is to do with SDDM not yet being converted to run as native Wayland protocol. So for the time being we have Wayland on X, if that makes sense?

Tested using sddm → sway wm (custom sddm theme)

The wm runs on TTY2 after login and switching to TTY1 reveals nothing but a blank screen with a mouse cursor.

So my next step to verify this must be to load a default Manjaro KDE.

EDIT:

Tested on bare metal - old Acer Aspire ES1432.

I have not been able to reproduce. The sddm session on TTY1 is replaced by the plasma session.

@ben81

Could you please provide the setting you have used on the system?

Any relevant system configuration applied e.g. sddm.conf and/or .xinitrc.

Profile’s info:

Branch: Other OS

@ben81 on which OS did you meet this issue?

Also, if you submitted a bug report, then you expect the issue will get a fix in some future version, right? By expecting a fix you are expecting app changes; app changes are version-related, so you know that the issue is version-related, but did not mention it for an unknown reason. Maybe you use a slightly older or newer version which contains it, and we are ahead of or behind that version. Maybe configs are involved. But the first thing to mention should be the version of the app. It should be the starting point of an issue report.

Also, it would be perfect to post step-by-step instructions, and you already have statistics of at least 2-3 cases: you know the probability of the issue appearing and you can include it in the bug report as well; that could help to figure out its dependencies. A probability of 100% vs 90% could point to a completely different source of the issue. Also a probability of 50% or 20% could suggest testing the case more times under slightly different circumstances.

So, please be more precise by adding:
-) OS (since you use KDE it is kinfocenter about-distro);
-) version(s);
-) step by step reproduce instruction;
-) probability (occurs in X of Y cases of trying to reproduce), even if Y is 2 only;
-) configs requested by linux-aarhus.

Thank you for the report!

I am back on Manjaro, testing branch. It said Other OS in my profile because I tried Tumbleweed a month ago. It was slow and froze a lot, so I reinstalled Manjaro. I updated my profile.

I am using Manjaro’s default settings for SDDM. The issue for me is that SDDM doesn’t blank TTY1 after logging into Plasma Wayland. It is a security issue only if I use Show Password. Otherwise, TTY1 shows SDDM with ●●●●●●●● in the password field.

That is the weird thing - I cannot reproduce it - that is why I would like to see some config files.

I have tested a default KDE on stable branch - and I can’t figure out how - so my thought is this is a coincidence - a random combination of configurations.

I think it would be nice to see the content of

  • /etc/sddm.conf
    • any configs under /etc/sddm.conf.d
  • ~/.xinitrc
  • ~/.xprofile
  • /usr/lib/sddm/sddm.conf.d/default.conf

/etc/sddm.conf

[Autologin]
Relogin=false
Session=plasma

[General]
HaltCommand=/usr/bin/systemctl poweroff
InputMethod=
Numlock=none
RebootCommand=/usr/bin/systemctl reboot

[Theme]
Current=breath2
CursorTheme=breeze_cursors
DisableAvatarsThreshold=7
EnableAvatars=true
FacesDir=/usr/share/sddm/faces
ThemeDir=/usr/share/sddm/themes

[Users]
DefaultPath=/usr/local/sbin:/usr/local/bin:/usr/bin
HideShells=
HideUsers=
MaximumUid=60000
MinimumUid=1000
RememberLastSession=true
RememberLastUser=true
ReuseSession=false

[Wayland]
EnableHiDPI=false
SessionCommand=/usr/share/sddm/scripts/wayland-session
SessionDir=/usr/share/wayland-sessions
SessionLogFile=.local/share/sddm/wayland-session.log

[X11]
DisplayCommand=/usr/share/sddm/scripts/Xsetup
DisplayStopCommand=/usr/share/sddm/scripts/Xstop
EnableHiDPI=false
MinimumVT=1
ServerArguments=-nolisten tcp
ServerPath=/usr/bin/X
SessionCommand=/usr/share/sddm/scripts/Xsession
SessionDir=/usr/share/xsessions
SessionLogFile=.local/share/sddm/xorg-session.log
UserAuthFile=.Xauthority
XauthPath=/usr/bin/xauth
XephyrPath=/usr/bin/Xephyr

/etc/sddm.conf.d/virtualkeyboard.conf

InputMethod=qtvirtualkeyboard

~/.xinitrc

#!/bin/bash
#
# ~/.xinitrc
#
# Executed by startx (run your window manager from here)

userresources=$HOME/.Xresources
usermodmap=$HOME/.Xmodmap
sysresources=/etc/X11/xinit/.Xresources
sysmodmap=/etc/X11/xinit/.Xmodmap

DEFAULT_SESSION=startplasma-x11

# merge in defaults and keymaps

if [ -f $sysresources ]; then
    xrdb -merge $sysresources
fi

if [ -f $sysmodmap ]; then
    xmodmap $sysmodmap
fi

if [ -f "$userresources" ]; then
    xrdb -merge "$userresources"
fi

if [ -f "$usermodmap" ]; then
    xmodmap "$usermodmap"
fi

# start some nice programs

if [ -d /etc/X11/xinit/xinitrc.d ] ; then
    for f in /etc/X11/xinit/xinitrc.d/?*.sh ; do
        [ -x "$f" ] && . "$f"
    done
    unset f
fi

get_session(){
    local dbus_args=(--sh-syntax --exit-with-session)
    case $1 in
        awesome) dbus_args+=(awesome) ;;
        bspwm) dbus_args+=(bspwm-session) ;;
        budgie) dbus_args+=(budgie-desktop) ;;
        cinnamon) dbus_args+=(cinnamon-session) ;;
        deepin) dbus_args+=(startdde) ;;
        enlightenment) dbus_args+=(enlightenment_start) ;;
        fluxbox) dbus_args+=(startfluxbox) ;;
        gnome) dbus_args+=(gnome-session) ;;
        i3|i3wm) dbus_args+=(i3 --shmlog-size 0) ;;
        jwm) dbus_args+=(jwm) ;;
        kde) dbus_args+=(startplasma-x11) ;;
        lxde) dbus_args+=(startlxde) ;;
        lxqt) dbus_args+=(lxqt-session) ;;
        mate) dbus_args+=(mate-session) ;;
        xfce) dbus_args+=(xfce4-session) ;;
        openbox) dbus_args+=(openbox-session) ;;
        *) dbus_args+=($DEFAULT_SESSION) ;;
    esac

    echo "dbus-launch ${dbus_args[*]}"
}

exec $(get_session "$1")

~/.xprofile does not exist

/usr/lib/sddm/sddm.conf.d/default.conf

[Autologin]
# Whether sddm should automatically log back into sessions when they exit
Relogin=false

# Name of session file for autologin session (if empty try last logged in)
Session=

# Username for autologin session
User=


[General]
# Halt command
HaltCommand=/usr/bin/systemctl poweroff

# Input method module
InputMethod=

# Comma-separated list of Linux namespaces for user session to enter
Namespaces=

# Initial NumLock state. Can be on, off or none.
# If property is set to none, numlock won't be changed
# NOTE: Currently ignored if autologin is enabled.
Numlock=none

# Reboot command
RebootCommand=/usr/bin/systemctl reboot


[Theme]
# Current theme name
Current=

# Cursor theme used in the greeter
CursorTheme=

# Number of users to use as threshold
# above which avatars are disabled
# unless explicitly enabled with EnableAvatars
DisableAvatarsThreshold=7

# Enable display of custom user avatars
EnableAvatars=true

# Global directory for user avatars
# The files should be named <username>.face.icon
FacesDir=/usr/share/sddm/faces

# Font used in the greeter
Font=

# Theme directory path
ThemeDir=/usr/share/sddm/themes


[Users]
# Default $PATH for logged in users
DefaultPath=/usr/local/sbin:/usr/local/bin:/usr/bin

# Comma-separated list of shells.
# Users with these shells as their default won't be listed
HideShells=

# Comma-separated list of users that should not be listed
HideUsers=

# Maximum user id for displayed users
MaximumUid=60513

# Minimum user id for displayed users
MinimumUid=1000

# Remember the session of the last successfully logged in user
RememberLastSession=true

# Remember the last successfully logged in user
RememberLastUser=true

# When logging in as the same user twice, restore the original session, rather than create a new one
ReuseSession=true


[Wayland]
# Enable Qt's automatic high-DPI scaling
EnableHiDPI=false

# Path to a script to execute when starting the desktop session
SessionCommand=/usr/share/sddm/scripts/wayland-session

# Directory containing available Wayland sessions
SessionDir=/usr/share/wayland-sessions

# Path to the user session log file
SessionLogFile=.local/share/sddm/wayland-session.log


[X11]
# Path to a script to execute when starting the display server
DisplayCommand=/usr/share/sddm/scripts/Xsetup

# Path to a script to execute when stopping the display server
DisplayStopCommand=/usr/share/sddm/scripts/Xstop

# Enable Qt's automatic high-DPI scaling
EnableHiDPI=false

# The lowest virtual terminal number that will be used.
MinimumVT=1

# Arguments passed to the X server invocation
ServerArguments=-nolisten tcp

# Path to X server binary
ServerPath=/usr/bin/X

# Path to a script to execute when starting the desktop session
SessionCommand=/usr/share/sddm/scripts/Xsession

# Directory containing available X sessions
SessionDir=/usr/share/xsessions

# Path to the user session log file
SessionLogFile=.local/share/sddm/xorg-session.log

# Path to the Xauthority file
UserAuthFile=.Xauthority

# Path to xauth binary
XauthPath=/usr/bin/xauth

# Path to Xephyr binary
XephyrPath=/usr/bin/Xephyr
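The reveal-password switch mentioned earlier in the thread (revealPasswordButtonShown in the theme's Login.qml) and the config files posted above can be checked together. The script below is an added example, not code from this thread or from SDDM itself: it resolves which theme is in effect across /usr/lib/sddm/sddm.conf.d, /etc/sddm.conf.d and /etc/sddm.conf, then greps that theme's Login.qml for the switch. The load order and precedence (later files override earlier ones) are an assumption to confirm against sddm.conf(5); the sample-theme tree it builds under mktemp is constructed for the demo and is not a real system.

```shell
#!/bin/sh
# Added example, not code from the thread or from SDDM: find the SDDM theme in
# effect and report whether its Login.qml enables the reveal-password button
# (revealPasswordButtonShown: true), the precondition for the exposure described
# in the thread.
# Assumption: SDDM reads /usr/lib/sddm/sddm.conf.d/*.conf, then
# /etc/sddm.conf.d/*.conf, then /etc/sddm.conf, later values overriding earlier
# ones. Confirm the order against sddm.conf(5) on your system.

# Print the value of KEY in [SECTION] of one ini-style file (nothing if unset).
ini_get() { # ini_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[[:space:]]*\[/ { in_sec = ($0 == sec); next }
        in_sec && index($0, key "=") == 1 {
            sub(/^[^=]*=/, ""); gsub(/^[ \t]+|[ \t]+$/, ""); val = $0
        }
        END { if (val != "") print val }
    ' "$1" 2>/dev/null
}

# Effective SECTION/KEY across the config tree rooted at ROOT ("" = live system).
sddm_effective() { # sddm_effective ROOT SECTION KEY
    cfg_root=$1; cfg_val=""
    for f in "$cfg_root"/usr/lib/sddm/sddm.conf.d/*.conf \
             "$cfg_root"/etc/sddm.conf.d/*.conf \
             "$cfg_root"/etc/sddm.conf; do
        [ -f "$f" ] || continue
        v=$(ini_get "$f" "$2" "$3")
        if [ -n "$v" ]; then cfg_val=$v; fi
    done
    printf '%s\n' "$cfg_val"
}

# Whether THEME_DIR/Login.qml reveals passwords: yes, no or unknown (heuristic
# grep; a theme that inherits the field from elsewhere reports unknown).
reveal_button_state() { # reveal_button_state THEME_DIR
    qml="$1/Login.qml"
    if [ ! -f "$qml" ]; then
        echo unknown
    elif grep -Eq 'revealPasswordButtonShown[[:space:]]*:[[:space:]]*true' "$qml"; then
        echo yes
    elif grep -Eq 'revealPasswordButtonShown[[:space:]]*:[[:space:]]*false' "$qml"; then
        echo no
    else
        echo unknown
    fi
}

# One-line verdict for the config tree under ROOT.
audit_sddm_reveal() { # audit_sddm_reveal ROOT
    theme=$(sddm_effective "$1" Theme Current)
    theme_dir=$(sddm_effective "$1" Theme ThemeDir)
    [ -n "$theme_dir" ] || theme_dir=/usr/share/sddm/themes
    state=$(reveal_button_state "$1$theme_dir/$theme")
    printf 'theme=%s reveal_password_button=%s\n' "${theme:-none}" "$state"
}

# Constructed sample tree (not a real system) shaped like the files in the
# thread: default.conf leaves Current empty, /etc/sddm.conf selects a theme,
# and that theme's Login.qml enables the reveal button.
make_sample_tree() {
    sample=$(mktemp -d)
    mkdir -p "$sample/usr/lib/sddm/sddm.conf.d" "$sample/etc/sddm.conf.d" \
             "$sample/usr/share/sddm/themes/sample-theme"
    printf '[Theme]\n# Current theme name\nCurrent=\nThemeDir=/usr/share/sddm/themes\n' \
        > "$sample/usr/lib/sddm/sddm.conf.d/default.conf"
    printf '[Theme]\nCurrent=sample-theme\n' > "$sample/etc/sddm.conf"
    printf 'Item {\n    revealPasswordButtonShown: true\n}\n' \
        > "$sample/usr/share/sddm/themes/sample-theme/Login.qml"
    printf '%s\n' "$sample"
}

# Stand-alone run: audit the constructed sample, then the live system if present.
demo_root=$(make_sample_tree)
audit_sddm_reveal "$demo_root"
rm -rf "$demo_root"
if [ -f /etc/sddm.conf ]; then audit_sddm_reveal ""; fi
```

On a live system the second line of output is the verdict for the theme named in /etc/sddm.conf; "unknown" means Login.qml does not set the property directly, so inspect the theme by hand. The theme switch is the administrator-side control; hiding the password again before logging in, as described earlier in the thread, is the user-side one.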

Maybe .profile ?

I don’t have a .profile

The system I have checked is stable branch - and there has not been any syncs since Oct.16 according to the Manjaro news ticker.

I have been using the default KDE 21.1.6 minimal and the configs look like those you provided. The default theme is used - and I still cannot reproduce it.

The displaymanager is replaced by the desktop session at TTY1 - so I am only able to switch to TTY2-6 and when going back to TTY1 it is the desktop session.

Now I am not a KDE expert so I need some help figuring out if the system is running using wayland or x11.

How does one ensure the desktop runs using wayland? Is it default or is there anything I need to adjust?

My test system uses Intel Graphics 500 - yes it is a dual-core celeron N3350 from 2016.

Is the compositor using default values - and which?

If the desktop replaces SDDM on TTY1, you’re probably using Xorg. I have this issue on a Plasma Wayland session. Wayland sessions typically use a different TTY than the display manager.

I know this sounds like a stupid question but I really know nothing of KDE - how do I ensure plasma is using a wayland session?

Install the package plasma-wayland-session and then select Plasma Wayland from your display manager.
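For the last question (how to tell whether Plasma is running on Wayland, and which VT it and anything else occupy), here is an added example in POSIX shell, not code from this thread. It reads the XDG_SESSION_TYPE and XDG_VTNR variables that logind sets for a login, falls back to loginctl for the session type, and parses loginctl list-sessions output to list sessions on other VTs. The column layout of loginctl list-sessions --no-legend (SESSION UID USER SEAT TTY first) is an assumption, and the sample session lines are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread: report the current login's session
# type and VT, and list sessions sitting on other VTs (a greeter still on tty1
# after a Wayland login on tty2 is the situation the thread is about).
# Assumption: `loginctl list-sessions --no-legend` prints SESSION UID USER SEAT
# TTY as its first five columns (later systemd versions append more), so only
# those five fields are read.

# Session type of the current login: wayland, x11, tty, or unknown.
current_session_type() {
    if [ -n "${XDG_SESSION_TYPE:-}" ]; then
        printf '%s\n' "$XDG_SESSION_TYPE"
    elif [ -n "${XDG_SESSION_ID:-}" ] && command -v loginctl >/dev/null 2>&1; then
        loginctl show-session "$XDG_SESSION_ID" -p Type --value 2>/dev/null || echo unknown
    else
        echo unknown
    fi
}

# VT of the current login from XDG_VTNR (e.g. tty2), or unknown.
current_session_tty() {
    if [ -n "${XDG_VTNR:-}" ]; then
        printf 'tty%s\n' "$XDG_VTNR"
    else
        echo unknown
    fi
}

# Read list-sessions lines on stdin; print "SESSION TTY USER" for every session
# on a VT other than MY_TTY.
other_vt_sessions() { # other_vt_sessions MY_TTY
    awk -v mine="$1" 'NF >= 5 && $5 ~ /^tty[0-9]+$/ && $5 != mine { print $1, $5, $3 }'
}

# Constructed sample output (not from a real machine): a greeter running as the
# sddm user on tty1 and a user session on tty2.
sample_sessions() {
    printf '1 971 sddm seat0 tty1\n2 1000 alice seat0 tty2\n'
}

# Stand-alone run: the constructed sample, then the live system if loginctl exists.
printf 'sample: '; sample_sessions | other_vt_sessions tty2
if command -v loginctl >/dev/null 2>&1; then
    printf 'type=%s tty=%s\n' "$(current_session_type)" "$(current_session_tty)"
    loginctl list-sessions --no-legend 2>/dev/null | other_vt_sessions "$(current_session_tty)"
fi
```

On a live Plasma Wayland login the expected first line is type=wayland tty=tty2 (or whichever VT the session got); any line after it names a session on another VT, which is what to switch to and inspect after locking the screen.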