Date:      Thu, 22 Jul 2004 01:49:01 +0200 (CEST)
From:      Marc <marc@bruenink.de>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        marc@bruenink.de
Subject:   bin/69398: [patch] cleartext display of password in login.c
Message-ID:  <200407212349.i6LNn1tn001786@laptop.marc>
Resent-Message-ID: <200407220000.i6M00eld019483@freefall.freebsd.org>


>Number:         69398
>Category:       bin
>Synopsis:       [patch] cleartext display of password in login.c
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 22 00:00:40 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Marc Bruenink
>Release:        FreeBSD 5.2.1-RELEASE i386
>Organization:
>Environment:
System: FreeBSD laptop.marc 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386


	
>Description:
	Sometimes if a machine is loaded really heavily and the user is impatient there's the possibility that the password is displayed in cleartext onto the screen. 
>How-To-Repeat:
	Load your machine heavily and log in. After typing the username, do not wait for the password prompt; type your password right away. If the machine is loaded heavily enough, the password prompt will not appear immediately and the password will be displayed in cleartext on the screen. 
Strictly speaking, this is not a bug in the software but a mistake by the user. But there's an easy workaround. 
>Fix:

patch against version 1.98

--- login.patch begins here ---
--- login.c	Thu Jul 22 00:56:43 2004
+++ newlogin.c	Thu Jul 22 00:51:19 2004
@@ -73,6 +73,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <syslog.h>
+#include <termios.h>
 #include <ttyent.h>
 #include <unistd.h>
 
@@ -160,8 +161,10 @@
 {
 	struct group *gr;
 	struct stat st;
+	struct termios ter;
 	int retries, backoff;
-	int ask, ch, cnt, quietlog, rootlogin, rval;
+	int ask, ch, cnt, quietlog, rootlogin, rval, resetecho;
+	int stdinno = fileno(stdin);
 	uid_t uid, euid;
 	gid_t egid;
 	char *term;
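Review bot: `resetecho` is declared without an initial value, yet the later hunks read it in `if (resetecho)` on the restore paths; it is only assigned inside the block added after `badlogin(olduser)`. Initialising it at the declaration, `int ask, ch, cnt, quietlog, rootlogin, rval, resetecho = 0;`, keeps any path that skips that block from testing an indeterminate value. As a style point, `STDIN_FILENO` from the already included `<unistd.h>` says the same thing as `fileno(stdin)` without an extra local. The function body starts and ends outside this hunk.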
@@ -284,23 +287,39 @@
 				badlogin(olduser);
 		}
 
+		tcgetattr(stdinno, &ter);
+		if(ter.c_lflag & ECHO) {
+		  ter.c_lflag &= ~ECHO;
+		  tcsetattr(stdinno, TCSANOW, &ter);
+		  ter.c_lflag |= ECHO;
+		  resetecho = 1;
+		} else {
+		  resetecho = 0;
+		}
+
 		/*
 		 * Load the PAM policy and set some variables
 		 */
 		pam_err = pam_start("login", username, &pamc, &pamh);
 		if (pam_err != PAM_SUCCESS) {
-			pam_syslog("pam_start()");
-			bail(NO_SLEEP_EXIT, 1);
+		  if (resetecho)
+			 tcsetattr(stdinno, TCSANOW ,&ter);
+		  pam_syslog("pam_start()");
+		  bail(NO_SLEEP_EXIT, 1);
 		}
 		pam_err = pam_set_item(pamh, PAM_TTY, tty);
 		if (pam_err != PAM_SUCCESS) {
-			pam_syslog("pam_set_item(PAM_TTY)");
-			bail(NO_SLEEP_EXIT, 1);
+		  if (resetecho) 
+			 tcsetattr(stdinno, TCSANOW ,&ter);
+		  pam_syslog("pam_set_item(PAM_TTY)");
+		  bail(NO_SLEEP_EXIT, 1);
 		}
 		pam_err = pam_set_item(pamh, PAM_RHOST, hostname);
 		if (pam_err != PAM_SUCCESS) {
-			pam_syslog("pam_set_item(PAM_RHOST)");
-			bail(NO_SLEEP_EXIT, 1);
+		  if (resetecho) 
+			 tcsetattr(stdinno, TCSANOW ,&ter);
+		  pam_syslog("pam_set_item(PAM_RHOST)");
+		  bail(NO_SLEEP_EXIT, 1);
 		}
 
 		pwd = getpwnam(username);
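Review bot: The result of `tcgetattr(stdinno, &ter)` is not checked, so when stdin is not a terminal or the call fails, `ter.c_lflag & ECHO` tests an uninitialised struct and the following `tcsetattr` can push arbitrary settings to the tty. Guard the branch with `if (tcgetattr(stdinno, &ter) == 0 && (ter.c_lflag & ECHO)) {` and leave `resetecho = 0` in the else. Echo also stays enabled from the moment the username is read until this block runs, and the terminal echoes input as it arrives, so the change narrows the exposure window rather than closing it; a comment such as `/* echo is still on until here; type-ahead before this point is echoed */` would record that limit. The restore-then-bail sequence is repeated three times in this hunk and would read better as one small helper. The enclosing function starts and ends outside the hunk.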
@@ -322,6 +341,9 @@
 			rval = auth_pam();
 			(void)setpriority(PRIO_PROCESS, 0, 0);
 		}
+
+		if (resetecho) 
+		  tcsetattr(stdinno, TCSANOW ,&ter);
 
 		if (pwd && rval == 0)
 			break;
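Review bot: Echo is restored only on the path that falls through after `auth_pam()`, so any exit between the earlier `tcsetattr` and this line that these hunks do not show (a timeout or signal handler, another `bail()` call, a `continue`) would presumably leave the terminal with echo switched off. Keeping the original settings in a separate saved `struct termios` and restoring them from one helper that the bail-out path also calls would cover those exits. The return value of `tcsetattr` is ignored here as well; at minimum report it, for example `if (resetecho && tcsetattr(stdinno, TCSANOW, &ter) != 0) syslog(LOG_ERR, "tcsetattr: %m");`. The loop body continues outside the hunk.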
--- login.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


