passwd (cygwin) 1.7.31 ignores keyboard interrupts
Corinna Vinschen
corinna-cygwin@cygwin.com
Tue Aug 5 08:17:00 GMT 2014
On Aug 4 13:40, Doug Henderson wrote:
> The password utility /bin/passwd ignores the ^C and ^D interrupt
> characters in mintty in my 64-bit only cygwin environment.
That's kind of by design. The passwd tool uses the getpass function.
The getpass function is written so that it ignores any soft tty signal
(^C, ^D, ^Z) during password input for security reasons. This is in
line with the Linux/Glibc implementation.
> This can lead to inadvertent password changes, possibly requiring a
> lengthy or complex password recovery or reset.
I see. The problem here is that passwd is using the getpass function.
It should (probably) either use another input function or it should
explicitely test for ^C, ^D, and ^Z characters in the input string
to workaround the getpass security restriction. The latter would
allow to disregard the input string and exiting passwd after the user
pressed <Enter>.
I'll look into it at one point, but I also wouldn't be too unhappy
about a patch. Please see https://cygwin.com/contrib.html
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20140805/9dccc9c0/attachment.sig>
More information about the Cygwin
mailing list