This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: passwd (cygwin) 1.7.31 ignores keyboard interrupts


On Aug  4 13:40, Doug Henderson wrote:
> The password utility /bin/passwd ignores the ^C and ^D interrupt
> characters in mintty in my 64-bit only cygwin environment.

That's kind of by design.  The passwd tool uses the getpass function.
The getpass function is written so that it ignores any soft tty signal
(^C, ^D, ^Z) during password input for security reasons.  This is in
line with the Linux/Glibc implementation.

> This can lead to inadvertent password changes, possibly requiring a
> lengthy or complex password recovery or reset.

I see.  The problem here is that passwd is using the getpass function.
It should (probably) either use another input function or it should
explicitely test for ^C, ^D, and ^Z characters in the input string
to workaround the getpass security restriction.  The latter would
allow to disregard the input string and exiting passwd after the user
pressed <Enter>.

I'll look into it at one point, but I also wouldn't be too unhappy
about a patch.  Please see https://cygwin.com/contrib.html


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpr6JKRxpTpz.pgp
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]