From nobody  Thu Feb 11 13:35:32 1999
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA21119;
          Thu, 11 Feb 1999 13:35:32 -0800 (PST)
          (envelope-from nobody)
Message-Id: <199902112135.NAA21119@hub.freebsd.org>
Date: Thu, 11 Feb 1999 13:35:32 -0800 (PST)
From: kaiserppo@erols.com
To: freebsd-gnats-submit@freebsd.org
Subject: Security Hole -- Easy way to get users passwords
X-Send-Pr-Version: www-1.0

>Number:         10037
>Category:       i386
>Synopsis:       Security Hole -- Easy way to get users passwords
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 11 13:40:01 PST 1999
>Closed-Date:    Sat Mar 20 13:56:02 PST 1999
>Last-Modified:  Sat Mar 20 13:57:12 PST 1999
>Originator:     Ben Howard
>Release:        2.2.6 i386
>Organization:
<home>
>Environment:
FreeBSD rasputin.net 2.2.6 RELEASE FreeBSD 2.2.6-RELEASE #5
Wed Feb 3,19:15:05 GMT 1999 toor@rasputin.net:/usr/src/sys/compile/RASPUTIN i386
>Description:
Simple: a superuser can run cat on the /dev/ttyvX (X being the virtual
terminal number), and when a user enters their password, the superuser
can see the password.
>How-To-Repeat:
Log on as a superuser
type: cat /dev/ttyvX
then flop over to that terminal
log on
go back to the terminal where you logged on as superuser
notice the lovely password that you now have.
>Fix:
No known fix. But it is illegal for businesses, schools, etc. to archive
passwords of their users. This also works for network logons.
>Release-Note:
>Audit-Trail:

From: Bill Fumerola <billf@jade.chc-chimes.com>
To: kaiserppo@erols.com
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: i386/10037: Security Hole -- Easy way to get users passwords
Date: Thu, 11 Feb 1999 17:20:40 -0500 (EST)

 On Thu, 11 Feb 1999 kaiserppo@erols.com wrote:
 > >Description:
 > Simple: a superuser can run cat on the /dev/ttyvX (X being the virtual
 > terminal number), and when a user enters their password, the superuser
 > can see the password.
 
 This is not a bug. The password has to be read somehow.
 
 > >Fix:
 > No known fix. But it is illegal for businesses, schools, etc. to archive
 > passwords of their users. This also works for network logons.
 
 Since when? 
 
 - bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp -
 - ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org  -
 
 
 
State-Changed-From-To: open->closed 
State-Changed-By: billf 
State-Changed-When: Sat Mar 20 13:56:02 PST 1999 
State-Changed-Why:  
The ability for root to read/write terminals cannot be changed.
If a system administrator wants to compromise his own system's passwords
there are a million ways to do it, but all require root, resulting in
a catch-22.
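The closing note rests on the exposure being limited to root. The defensive counterpart an administrator can verify is that no terminal device node is readable by group or other, since a non-root user who could read another user's tty would get the same view of keystrokes. The following POSIX shell check is an added example, not part of this PR or of FreeBSD's own tooling; the device globs it tries (/dev/ttyv* on FreeBSD, /dev/tty[0-9]* and /dev/pts/[0-9]* elsewhere) are assumptions, and it inspects only the ls -l mode string so it runs on any Unix.

```shell
#!/bin/sh
# Added example (not from the PR): audit terminal device nodes for modes that
# grant read permission to group or other. A terminal should normally be
# readable only by its owner (root, or the user logged in on it).

# audit_tty_perms PATH...
# Prints "<mode> <path>" for every existing PATH whose mode lets group or
# other read it. Returns 1 if any such path was found, 0 otherwise.
# Non-existent paths (unmatched globs) are silently skipped.
audit_tty_perms() {
    bad=0
    for path in "$@"; do
        [ -e "$path" ] || continue
        # ls -ld prints a mode string such as "crw--w----": character 1 is the
        # file type, 2-4 the owner bits, 5-7 the group bits, 8-10 the other bits.
        mode=$(ls -ld "$path" | cut -c1-10)
        grp=$(printf '%s' "$mode" | cut -c5)
        oth=$(printf '%s' "$mode" | cut -c8)
        if [ "$grp" = r ] || [ "$oth" = r ]; then
            printf '%s %s\n' "$mode" "$path"
            bad=1
        fi
    done
    return "$bad"
}

# Run against the consoles and pseudo-terminals of the current host.
# Device names are assumptions: /dev/ttyv* is FreeBSD, the others are Linux.
if audit_tty_perms /dev/ttyv* /dev/tty[0-9]* /dev/pts/[0-9]*; then
    echo "no terminal device is readable by group or other"
fi
```

Group write (mode 620, the usual default so that write(1) and wall(1) can deliver messages) is deliberately not flagged: it allows writing to the terminal, not reading what the user types.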
>Unformatted:
