This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.



Re: [ak@muc.de] libc/796: getpass() is not usable for high security applications


> Date: Fri, 23 Oct 1998 19:33:35 +0200
> From: Andi Kleen <ak@muc.de>
> Cc: Mark Kettenis <kettenis@wins.uva.nl>, aj@arthur.rhein-neckar.de,
>         libc-hacker@cygnus.com

> Assuming it was added to prevent any already queued data from entering
> into the su session: it would have exactly the same advantage if the
> flush was done after the password read.  If the attacker already knew 
> the password all security measures are too late. If he doesn't he will
> never pass the password check, no matter what he queues first.  This is
> the reason why the flush is completely useless, but if you would insist
> on keeping it (I hope you don't @) it would be at least less annoying 
> to have it after the password entry (because any missing characters are
> then at least visible and can be easily corrected) 

One advantage of it is that it discourages people from typing

su\npassword\n

without waiting for the prompt.  If you do this on a slow system it
can happen that the password gets echoed, and not echoing is the
entire purpose of getpass().

-- 
Geoffrey Keating <geoffk@ozemail.com.au>
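
The type-ahead case discussed in this thread, reproduced on a pseudo-terminal as an added example (not code from glibc or from either poster). It assumes the flush in question is the TCSAFLUSH action of tcsetattr() and that a Linux /dev/ptmx is available; `typeahead_left` and the sample password are made up for the illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <poll.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Constructed sample: "password\n" typed before the prompt appears. */
static const char TYPEAHEAD[] = "hunter2\n";

/* Type TYPEAHEAD into a fresh pty while echo is still on, then switch echo
 * off with `action` (TCSAFLUSH or TCSADRAIN), as a password prompt would.
 * Returns how many typed-ahead bytes the password read() still receives,
 * or -1 on any setup failure. `echoed` (at least 64 bytes) receives what
 * the terminal displayed before echo was switched off. */
int typeahead_left(int action, char *echoed)
{
    char buf[64];
    struct termios t;
    ssize_t n;
    int left = -1, slave;
    int master = open("/dev/ptmx", O_RDWR | O_NOCTTY);  /* Linux pty master */

    echoed[0] = '\0';
    if (master < 0) return -1;
    if (grantpt(master) || unlockpt(master) ||
        (slave = open(ptsname(master), O_RDWR | O_NOCTTY)) < 0) {
        close(master);
        return -1;
    }
    struct pollfd in = { slave, POLLIN, 0 }, disp = { master, POLLIN, 0 };

    if (write(master, TYPEAHEAD, strlen(TYPEAHEAD)) > 0 &&
        poll(&in, 1, 1000) > 0 &&       /* the line is queued on the tty */
        poll(&disp, 1, 1000) > 0 &&     /* and its echo is already out */
        (n = read(master, echoed, 63)) > 0) {
        echoed[n] = '\0';
        if (tcgetattr(slave, &t) == 0) {
            t.c_lflag &= ~(tcflag_t)ECHO;
            if (tcsetattr(slave, action, &t) == 0) {
                left = 0;               /* stays 0 if the queue was flushed */
                if (poll(&in, 1, 0) > 0 &&
                    (n = read(slave, buf, sizeof buf)) >= 0)
                    left = (int)n;
            }
        }
    }
    close(slave);
    close(master);
    return left;
}
```

In both modes `echoed` already contains the password, because the tty echoes input when it arrives rather than when the application reads it; the flush only changes whether that input is later accepted.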

