From marc@bruenink.de  Wed Jul 21 23:57:09 2004
Message-Id: <200407212349.i6LNn1tn001786@laptop.marc>
Date: Thu, 22 Jul 2004 01:49:01 +0200 (CEST)
From: Marc <marc@bruenink.de>
Reply-To: Marc <marc@bruenink.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc: marc@bruenink.de
Subject: [patch] cleartext display of password in login.c
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         69398
>Category:       bin
>Synopsis:       [patch] login(1) cleartext display of password in login.c
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 22 00:00:40 GMT 2004
>Closed-Date:    
>Last-Modified:  Sat May 30 22:50:04 UTC 2009
>Originator:     Marc Bruenink
>Release:        FreeBSD 5.2.1-RELEASE i386
>Organization:
>Environment:
System: FreeBSD laptop.marc 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386


	
>Description:
	Sometimes, if a machine is loaded really heavily and the user is impatient, there's the possibility that the password is displayed in cleartext on the screen.
>How-To-Repeat:
	Load your machine heavily and log in. After typing the username, do not wait for the password prompt and type your password. If your machine is loaded heavily enough, the password prompt will not appear immediately and the password will be displayed in cleartext on the screen.
In fact, it's not a bug in the software but within the user. But there's an easy workaround.
>Fix:

patch against version 1.98

--- login.patch begins here ---
--- login.c	Thu Jul 22 00:56:43 2004
+++ newlogin.c	Thu Jul 22 00:51:19 2004
@@ -73,6 +73,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <syslog.h>
+#include <termios.h>
 #include <ttyent.h>
 #include <unistd.h>
 
@@ -160,8 +161,10 @@
 {
 	struct group *gr;
 	struct stat st;
+	struct termios ter;
 	int retries, backoff;
-	int ask, ch, cnt, quietlog, rootlogin, rval;
+	int ask, ch, cnt, quietlog, rootlogin, rval, resetecho;
+	int stdinno = fileno(stdin);
 	uid_t uid, euid;
 	gid_t egid;
 	char *term;
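Review bot: `resetecho` is added to the `int ask, ch, cnt, ...` declaration without an initial value, and `int stdinno = fileno(stdin);` introduces a variable for what is a constant. Initialize `resetecho = 0` at the declaration so that an `if (resetecho)` check reached before the flag is assigned cannot restore from an unfilled `ter`, and use `STDIN_FILENO` from `<unistd.h>` (already included, per the first hunk) in place of `stdinno`.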
@@ -284,23 +287,39 @@
 				badlogin(olduser);
 		}
 
+		tcgetattr(stdinno, &ter);
+		if(ter.c_lflag & ECHO) {
+		  ter.c_lflag &= ~ECHO;
+		  tcsetattr(stdinno, TCSANOW, &ter);
+		  ter.c_lflag |= ECHO;
+		  resetecho = 1;
+		} else {
+		  resetecho = 0;
+		}
+
 		/*
 		 * Load the PAM policy and set some variables
 		 */
 		pam_err = pam_start("login", username, &pamc, &pamh);
 		if (pam_err != PAM_SUCCESS) {
-			pam_syslog("pam_start()");
-			bail(NO_SLEEP_EXIT, 1);
+		  if (resetecho)
+			 tcsetattr(stdinno, TCSANOW ,&ter);
+		  pam_syslog("pam_start()");
+		  bail(NO_SLEEP_EXIT, 1);
 		}
 		pam_err = pam_set_item(pamh, PAM_TTY, tty);
 		if (pam_err != PAM_SUCCESS) {
-			pam_syslog("pam_set_item(PAM_TTY)");
-			bail(NO_SLEEP_EXIT, 1);
+		  if (resetecho) 
+			 tcsetattr(stdinno, TCSANOW ,&ter);
+		  pam_syslog("pam_set_item(PAM_TTY)");
+		  bail(NO_SLEEP_EXIT, 1);
 		}
 		pam_err = pam_set_item(pamh, PAM_RHOST, hostname);
 		if (pam_err != PAM_SUCCESS) {
-			pam_syslog("pam_set_item(PAM_RHOST)");
-			bail(NO_SLEEP_EXIT, 1);
+		  if (resetecho) 
+			 tcsetattr(stdinno, TCSANOW ,&ter);
+		  pam_syslog("pam_set_item(PAM_RHOST)");
+		  bail(NO_SLEEP_EXIT, 1);
 		}
 
 		pwd = getpwnam(username);
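Review bot: the return value of `tcgetattr(stdinno, &ter)` is not checked, so when stdin is not a terminal the test `ter.c_lflag & ECHO` reads an uninitialized struct and `resetecho` ends up arbitrary; check for failure and set `resetecho = 0` in that case. The three error branches also repeat the same `if (resetecho) tcsetattr(stdinno, TCSANOW ,&ter);` restore and re-indent the otherwise unchanged `pam_syslog()` and `bail()` lines with spaces instead of tabs. Moving the restore into one small helper called before `bail()` would reduce the diff to the added lines and keep the file's existing indentation.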
@@ -322,6 +341,9 @@
 			rval = auth_pam();
 			(void)setpriority(PRIO_PROCESS, 0, 0);
 		}
+
+		if (resetecho) 
+		  tcsetattr(stdinno, TCSANOW ,&ter);
 
 		if (pwd && rval == 0)
 			break;
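Review bot: the restore after `auth_pam()` writes back the whole `ter` snapshot taken before `pam_start()`, not only the `ECHO` bit, so any terminal attribute changed in between is silently overwritten, and the result of `tcsetattr()` is ignored, so a failed restore leaves the terminal without echo and nothing is logged. Re-read the attributes with `tcgetattr()` here, set only `ECHO`, and report a failure through the existing syslog path.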
--- login.patch ends here ---


>Release-Note:
>Audit-Trail:

From: Jilles Tjoelker <jilles@stack.nl>
To: bug-followup@FreeBSD.org, marc@bruenink.de
Cc:  
Subject: Re: bin/69398: [patch] login(1) cleartext display of password in
	login.c
Date: Sun, 31 May 2009 00:46:38 +0200

 Your patch makes the problematic time shorter but does not eliminate it.
 Letters typed before the code you are adding to login(1) is executed are
 still shown.
 
 There are also various other password prompts that cannot be fixed for
 this, such as the one from ssh(1).
 
 -- 
 Jilles Tjoelker
>Unformatted:
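The timing window discussed in this report, reproduced on a pseudo-terminal as an added example (it is not part of the PR or of login(1)). The names `echo_window` and `drain` and the input `hunt` / `er2\n` are constructed for illustration; a POSIX system with pseudo-terminals is assumed.

```c
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>
/* POSIX pty calls, declared here so no feature-test macro is required. */
int posix_openpt(int), grantpt(int), unlockpt(int);
char *ptsname(int);

/* Append whatever the tty wrote to the "screen" (pty master) to buf. */
static size_t drain(int fd, char *buf, size_t len, size_t n)
{
	struct pollfd p = { .fd = fd, .events = POLLIN };
	ssize_t r;
	while (n < len && poll(&p, 1, 200) > 0 && (r = read(fd, buf + n, len - n)) > 0)
		n += (size_t)r;
	return n;
}

/* Type `early` with ECHO set, clear ECHO, type `late`; returns bytes echoed or -1. */
int echo_window(const char *early, const char *late, char *screen, size_t len)
{
	struct termios t;
	size_t n;
	int ret = -1, s = -1, m = posix_openpt(O_RDWR | O_NOCTTY);
	if (m < 0 || grantpt(m) < 0 || unlockpt(m) < 0 ||
	    (s = open(ptsname(m), O_RDWR | O_NOCTTY)) < 0 || tcgetattr(s, &t) < 0)
		goto out;
	t.c_lflag |= ECHO | ICANON;	/* tty state while the login name is read */
	if (tcsetattr(s, TCSANOW, &t) < 0 || write(m, early, strlen(early)) < 0)
		goto out;
	n = drain(m, screen, len, 0);	/* typeahead is echoed as it arrives */
	t.c_lflag &= ~ECHO;		/* the step the patch adds */
	if (tcsetattr(s, TCSANOW, &t) < 0 || write(m, late, strlen(late)) < 0)
		goto out;
	ret = (int)drain(m, screen, len, n);	/* later keystrokes are not shown */
out:
	if (s >= 0) close(s);
	if (m >= 0) close(m);
	return ret;
}

int main(void)
{
	char scr[64];
	int n = echo_window("hunt", "er2\n", scr, sizeof scr);	/* constructed input */
	printf("echoed %d byte(s): %.*s\n", n, n > 0 ? n : 0, scr);
	return n < 0;
}
```

The tty echoes each character when it is received, not when the program reads it, so only keystrokes that arrive after `ECHO` has been cleared stay off the screen.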
