Bug 705 – passwords show in the clear after bringing password prompt to foreground

Bug 705 - passwords show in the clear after bringing password prompt to foreground


Summary:	passwords show in the clear after bringing password prompt to foreground

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.7.10
Hardware:	Macintosh MacOS X

Importance:	low normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2015-07-21 12:13 MDT by kbyanc
Modified:	2017-04-12 08:40 MDT (History)
CC List:	0 users

See Also:

Attachments
Proposed patch (986 bytes, patch) 2015-07-21 12:53 MDT, kbyanc	Details \| Diff
Backport of term.c changes in sudo 1.8.x (8.70 KB, application/octet-stream) 2015-07-23 07:50 MDT, Todd C. Miller	Details
Show Obsolete (1) Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description kbyanc 2015-07-21 12:13:11 MDT

This is with sudo 1.7.10p9:

1. launch terminal
2. enter the command “sudo ls &”
3. bring the command to the foreground by entering “fg”
4. type at the Password prompt

* RESULTS
Text entry is shown

Comment 1 kbyanc 2015-07-21 12:53:41 MDT

Created attachment 453 [details]
Proposed patch

Comment 2 Todd C. Miller 2015-07-21 15:09:08 MDT

This kind of infinite loop is not safe.  There is a better solution in sudo 1.8.x that could be back-ported.

This is actually a bug in the Mac OS X kernel where it does not restart the tty-related syscalls as it should.  I filed a bug about this years ago but apparently they didn't care.

Comment 3 Todd C. Miller 2015-07-23 07:50:31 MDT

Created attachment 455 [details]
Backport of term.c changes in sudo 1.8.x

Attached is a patch that includes merge of term.c related commits from sudo 1.8.x that works around the bug in Mac OS X.  You can see the individual commits in the hg repo.

Comment 4 Todd C. Miller 2017-04-12 08:40:09 MDT

Fixed in sudo 1.8.x