Post B0CLWIypsUsrYJGrUu by jomo@mstdn.io
 (DIR) Post #B0CLWIypsUsrYJGrUu by jomo@mstdn.io
       2025-11-12T20:45:50Z
       
       0 likes, 1 repeats
       
       FYI: The sudo-rs bug of leaking passwords on timeout is a general problem of line buffered stdin streams. The `read` builtin suffers from the same problem. https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-c978-wq47-pvvw #sudors #sudo_rs #bash #CVE_2025_64170 #infosec
       
 (DIR) Post #B0CLWOYp87dqrN9Amm by jomo@mstdn.io
       2025-11-12T20:49:38Z
       
       0 likes, 0 repeats
       
       This issue occurs when using a line buffer, where the input is only placed into the buffer after a newline character was entered. When that character is not entered, the data is not read, and thus not flushed from stdin, and is still waiting to be read by the next program (such as the shell) that reads from the stdin buffer. Bash uses a character buffer to read your keyboard inputs, so the data is displayed immediately.
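
The behaviour described in this thread, reproduced on a pseudo-terminal as an added example (not code from the posts or from sudo-rs): a prompt in canonical mode times out while typed characters are still pending, and the next reader of the same terminal receives them. Discarding the input queue with `tcflush` on timeout is shown as one possible mitigation and is an assumption here, not necessarily the fix sudo-rs shipped; the sample secret and the function name are constructed.

```python
import os
import pty
import select
import termios

SECRET = b"hunter2"  # constructed sample input, typed without pressing Enter


def prompt_with_timeout(flush_on_timeout, timeout=0.3):
    """Simulate a password prompt that times out on a line-buffered terminal.

    Returns (timed_out, data_seen_by_next_reader).
    """
    master, slave = pty.openpty()
    try:
        # Password prompts disable echo but keep canonical (line) mode.
        attrs = termios.tcgetattr(slave)
        attrs[3] &= ~termios.ECHO
        attrs[3] |= termios.ICANON
        termios.tcsetattr(slave, termios.TCSANOW, attrs)

        # The "user" types the secret but never sends a newline.
        os.write(master, SECRET)

        # In canonical mode nothing is readable until a full line exists,
        # so the prompt sees no input and gives up after the timeout.
        ready, _, _ = select.select([slave], [], [], timeout)
        timed_out = not ready

        if timed_out and flush_on_timeout:
            # Mitigation (assumption): drop the pending, unread keystrokes.
            termios.tcflush(slave, termios.TCIFLUSH)

        # The next program (such as the shell) now reads the same terminal,
        # and the user presses Enter.
        os.write(master, b"\n")
        ready, _, _ = select.select([slave], [], [], 2.0)
        seen = os.read(slave, 1024) if ready else b""
        return timed_out, seen
    finally:
        os.close(master)
        os.close(slave)


if __name__ == "__main__":
    print("no flush:  ", prompt_with_timeout(flush_on_timeout=False))
    print("with flush:", prompt_with_timeout(flush_on_timeout=True))
```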