New password echoes on Sol8
Markus Friedl
markus at openbsd.org
Tue Oct 30 02:53:44 EST 2001
On Mon, Oct 29, 2001 at 10:36:40AM -0500, Ed Phillips wrote:
> On Sat, 27 Oct 2001, Markus Friedl wrote:
>
> > Date: Sat, 27 Oct 2001 19:36:34 +0200
> > From: Markus Friedl <markus at openbsd.org>
> > To: Ed Phillips <ed at UDel.Edu>
> > Cc: OpenSSH Development <openssh-unix-dev at mindrot.org>
> > Subject: Re: New password echoes on Sol8
> >
> > On Fri, Oct 26, 2001 at 04:12:35PM -0400, Ed Phillips wrote:
> > > I tried replacing readpassphrase() for v2.9.9p2 on Sol8 with a different
> > > version that just calls getpassphrase(). It appears to solve the echo
> > > problem when the user tries to login in interactive mode and needs to
> > > change their password.
> > >
> > > Can anyone else try this with v2.9.9p2 on Solaris? Be sure to add:
> > >
> > > #define HAVE_GETPASSPHRASE
> >
> > no.
> >
> > the bug should be fixed instead.
>
> Okay... it appears that the bug has been found and fixed.
>
> > we already have enough waste in openssh.
>
> Some might say it is a "waste" to replace a perfectly good OS-supplied
> routine (like getpassphrase()) with yet more code that does the same
> thing.
getpassphrase ist not available on all platforms, and
we don't know whether it removes the password from
memory. moreover, different getpassphrase() implementations
have different deficits.
> And I agree... a quick glance at what's getting bundled into my ssh/sshd
> executables on Solaris - we have the following code getting compiled-in
> even though a routine of the same name or another name with the same
> function is already availble in libc or other libs:
>
> getcwd
> getgrouplist
> getopt
> inet_ntoa
> inet_aton
> mktemp
> readpassphrase
> realpath
> rresvport
> setenv
>
> ... now that's a waste! ;-P
then it's either a configure.in bug or the system has
a broken implementation.
More information about the openssh-unix-dev
mailing list