Bug 705

Summary: passwords show in the clear after bringing password prompt to foreground
Product: Sudo
Reporter: kbyanc
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED
Severity: normal
Priority: low
Version: 1.7.10
Hardware: Macintosh
OS: MacOS X
Attachments:
- Proposed patch
- Backport of term.c changes in sudo 1.8.x

Description kbyanc 2015-07-21 12:13:11 MDT
This is with sudo 1.7.10p9:

1. launch terminal
2. enter the command “sudo ls &”
3. bring the command to the foreground by entering “fg”
4. type at the Password prompt

* RESULTS
Text entry is shown

Comment 1 kbyanc 2015-07-21 12:53:41 MDT
Created attachment 453
Proposed patch

Comment 2 Todd C. Miller 2015-07-21 15:09:08 MDT
This kind of infinite loop is not safe.  There is a better solution in sudo 1.8.x that could be back-ported.

This is actually a bug in the Mac OS X kernel where it does not restart the tty-related syscalls as it should.  I filed a bug about this years ago but apparently they didn't care.

Comment 3 Todd C. Miller 2015-07-23 07:50:31 MDT
Created attachment 455
Backport of term.c changes in sudo 1.8.x

Attached is a patch that includes a merge of term.c-related commits from sudo 1.8.x that works around the bug in Mac OS X.  You can see the individual commits in the hg repo.

Comment 4 Todd C. Miller 2017-04-12 08:40:09 MDT
Fixed in sudo 1.8.x
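
Added example, not part of the bug report and not sudo's code: one way for a password prompt to fail closed when the terminal call that turns echo off is interrupted instead of restarted, as described in comment 2. It assumes the unrestarted call fails with EINTR; `tcsetattr_bounded`, `echo_off_checked` and `MAX_EINTR_RETRIES` are hypothetical names, and the retry is bounded rather than open-ended.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <termios.h>
#include <unistd.h>

#define MAX_EINTR_RETRIES 8   /* hypothetical bound, chosen for illustration */

/* tcsetattr() that retries a limited number of times when interrupted. */
static int tcsetattr_bounded(int fd, int how, const struct termios *t)
{
    for (int i = 0; i <= MAX_EINTR_RETRIES; i++) {
        if (tcsetattr(fd, how, t) == 0)
            return 0;
        if (errno != EINTR)
            return -1;          /* real error: do not retry */
    }
    return -1;                  /* still interrupted: give up */
}

/* Returns 0 only if ECHO is confirmed off; *saved holds the old settings. */
int echo_off_checked(int fd, struct termios *saved)
{
    struct termios t, check;
    if (tcgetattr(fd, saved) != 0)
        return -1;              /* not a terminal, or bad descriptor */
    t = *saved;
    t.c_lflag &= ~(tcflag_t)ECHO;
    if (tcsetattr_bounded(fd, TCSAFLUSH, &t) != 0)
        return -1;
    /* tcsetattr() can report success after a partial change: re-read. */
    if (tcgetattr(fd, &check) != 0 || (check.c_lflag & ECHO))
        return -1;
    return 0;
}

int main(void)
{
    struct termios saved;
    char buf[256];
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    if (fd < 0 || echo_off_checked(fd, &saved) != 0) {
        fputs("cannot disable echo, refusing to prompt\n", stderr);
        return 1;
    }
    fputs("Password: ", stderr);
    ssize_t n = read(fd, buf, sizeof buf);      /* typed input is not echoed */
    tcsetattr_bounded(fd, TCSAFLUSH, &saved);   /* restore the old settings */
    fprintf(stderr, "\nread %zd bytes\n", n);
    close(fd);
    return 0;
}
```

Running it with `&` and then `fg`, as in the reproduction steps above, should either prompt with echo off or refuse to prompt.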