Login vs. typeahead
Geoff Coleman
geoff at edm.uucp
Sat Nov 17 10:11:10 AEST 1990
>From article <1990Nov13.233329.8736 at athena.mit.edu>, by jik at athena.mit.edu (Jonathan I. Kamens):
> In article <1990Nov13.182623.18967 at smsc.sony.com>, dce at smsc.sony.com (David Elliott) writes:
> |> ... if a user tries to do this, some or all of
> |> the password they type is displayed on the screen, and then this data
> |> is ignored by getpass(), which flushes the input before it reads.
> |>
> |> What I would like to know is if there is a good reason for the current
> |> behavior, and if changing this behavior might in some way compromise
> |> the security of the system.
>
> The flushing of typeahead is meant to prevent people from doing exactly what
> you describe. Allowing the first characters of your password to be displayed
> on the screen as you type them is a Bad Idea (tm) and a clear security
> problem. If the login program doesn't accept input typed before echoing is
> turned off, then people have an incentive not to type any input before echoing
> is turned off.
>
But isn't AIX supposed to be a more secure UNIX. It does allow
type ahead on the login and accepts it. I wonder if anyone has logged this
as a bug. I'm at my quota for the week already.
Geoff
> --
> Jonathan Kamens USnail:
> MIT Project Athena 11 Ashford Terrace
> jik at Athena.MIT.EDU Allston, MA 02134
> Office: 617-253-8085 Home: 617-782-0710
More information about the Comp.unix.misc
mailing list