From owner-freebsd-bugs@FreeBSD.ORG Thu Jul 22 00:00:41 2004 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9709A16A4CF for ; Thu, 22 Jul 2004 00:00:41 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7950943D2D for ; Thu, 22 Jul 2004 00:00:41 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.11/8.12.11) with ESMTP id i6M00eYO019486 for ; Thu, 22 Jul 2004 00:00:40 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i6M00eld019483; Thu, 22 Jul 2004 00:00:40 GMT (envelope-from gnats) Resent-Date: Thu, 22 Jul 2004 00:00:40 GMT Resent-Message-Id: <200407220000.i6M00eld019483@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Marc Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 272CB16A4CE for ; Wed, 21 Jul 2004 23:57:09 +0000 (GMT) Received: from natnoddy.rzone.de (natnoddy.rzone.de [81.169.145.166]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5662543D1F for ; Wed, 21 Jul 2004 23:57:08 +0000 (GMT) (envelope-from marc@bruenink.de) Received: from laptop.marc (c221087.adsl.hansenet.de [213.39.221.87]) by post.webmailer.de (8.12.10/8.12.10) with ESMTP id i6LNv72K026285; Thu, 22 Jul 2004 01:57:07 +0200 (MEST) Received: from laptop.marc (localhost [127.0.0.1]) by laptop.marc (8.12.10/8.12.10) with ESMTP id i6LNn12a001787; Thu, 22 Jul 2004 01:49:01 +0200 (CEST) (envelope-from marc@localhost.my.domain) Received: (from marc@localhost) by laptop.marc (8.12.10/8.12.10/Submit) id i6LNn1tn001786; Thu, 22 Jul 2004 01:49:01 +0200 (CEST) (envelope-from marc) Message-Id: <200407212349.i6LNn1tn001786@laptop.marc> Date: Thu, 22 Jul 2004 01:49:01 +0200 (CEST) From: Marc To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 cc: marc@bruenink.de Subject: bin/69398: [patch] cleartext display of password in login.c X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Marc List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Jul 2004 00:00:41 -0000 >Number: 69398 >Category: bin >Synopsis: [patch] cleartext display of password in login.c >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jul 22 00:00:40 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Marc Bruenink >Release: FreeBSD 5.2.1-RELEASE i386 >Organization: >Environment: System: FreeBSD laptop.marc 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386 >Description: Sometimes if a machine is loaded really heavily and the user is impatient there's the possibility that the password is displayed in cleartext onto the screen. >How-To-Repeat: Load your machine heavily and login. After typing the username do not wait for the password prompt and type your password. If your machine is loaded heavily enough the password prompt will not appear immediately and the password will be display in cleartext onto the screen. In fact it's not a bug in the software but within the user. But there's an easy workaround. >Fix: patch against version 1.98 --- login.patch begins here --- --- login.c Thu Jul 22 00:56:43 2004 +++ newlogin.c Thu Jul 22 00:51:19 2004 @@ -73,6 +73,7 @@ #include #include #include +#include #include #include @@ -160,8 +161,10 @@ { struct group *gr; struct stat st; + struct termios ter; int retries, backoff; - int ask, ch, cnt, quietlog, rootlogin, rval; + int ask, ch, cnt, quietlog, rootlogin, rval, resetecho; + int stdinno = fileno(stdin); uid_t uid, euid; gid_t egid; char *term; @@ -284,23 +287,39 @@ badlogin(olduser); } + tcgetattr(stdinno, &ter); + if(ter.c_lflag & ECHO) { + ter.c_lflag &= ~ECHO; + tcsetattr(stdinno, TCSANOW, &ter); + ter.c_lflag |= ECHO; + resetecho = 1; + } else { + resetecho = 0; + } + /* * Load the PAM policy and set some variables */ pam_err = pam_start("login", username, &pamc, &pamh); if (pam_err != PAM_SUCCESS) { - pam_syslog("pam_start()"); - bail(NO_SLEEP_EXIT, 1); + if (resetecho) + tcsetattr(stdinno, TCSANOW ,&ter); + pam_syslog("pam_start()"); + bail(NO_SLEEP_EXIT, 1); } pam_err = pam_set_item(pamh, PAM_TTY, tty); if (pam_err != PAM_SUCCESS) { - pam_syslog("pam_set_item(PAM_TTY)"); - bail(NO_SLEEP_EXIT, 1); + if (resetecho) + tcsetattr(stdinno, TCSANOW ,&ter); + pam_syslog("pam_set_item(PAM_TTY)"); + bail(NO_SLEEP_EXIT, 1); } pam_err = pam_set_item(pamh, PAM_RHOST, hostname); if (pam_err != PAM_SUCCESS) { - pam_syslog("pam_set_item(PAM_RHOST)"); - bail(NO_SLEEP_EXIT, 1); + if (resetecho) + tcsetattr(stdinno, TCSANOW ,&ter); + pam_syslog("pam_set_item(PAM_RHOST)"); + bail(NO_SLEEP_EXIT, 1); } pwd = getpwnam(username); @@ -322,6 +341,9 @@ rval = auth_pam(); (void)setpriority(PRIO_PROCESS, 0, 0); } + + if (resetecho) + tcsetattr(stdinno, TCSANOW ,&ter); if (pwd && rval == 0) break; --- login.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted: