[6173] in bugtraq
Re: FreeBSD getpass "feature"
daemon@ATHENA.MIT.EDU (Philippe Regnauld)
Wed Feb 25 18:48:10 1998
Date: Wed, 25 Feb 1998 19:39:27 +0100
Reply-To: Philippe Regnauld <regnauld@DEEPO.PROSA.DK>
From: Philippe Regnauld <regnauld@DEEPO.PROSA.DK>
X-To: GvS One <gvs@AGMAR.RU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSF.3.96.980225102408.13866F-100000@heart.agmar.ru>; from
GvS One on Wed, Feb 25, 1998 at 10:24:36AM +0300
GvS One writes:
> Hi, netters!
>
> I just found some discouraging feature of the getpass(3) function,
> which affects the all programs which are using it: passwd, login, ...
> When you press ^C (send intr) at the password prompt, you... can ente=
r
> then password visible (echoed). It does _not_ affect slogin/ssh
> package because it uses other password giving mechanism.
I always saw this as a "feature", just like s/key (at least on
FreeBSD) that would echo your pass on login if you typed return
on the first password prompt. Of course, echoing the password
should is strongly discouraged on a remote session, but then
again packet sniffing will catch you either way.
I thought it was quite handy on lossy/extremely slow links.
--
-[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11=
.3E ]-
=ABPluto placed his bad dog at the entrance of Hades to keep the d=
ead
IN and the living OUT! The archetypical corporate firewal=
l?=BB
- S. Kelly Bootle, ("MYTHOLOGY", in Marutukku dis=
trib)
