RE: Stable CVS 1.11.7 Released! (Derek Robert Price)
Under cvs-1.11.7, the password is displayed on the client screen as follows: cvs login (Password is not displayed while typing it, but is displayed after pressing the ENTER key.) I know pserver in general is not very secure, but is there any way to have a patch or fix that might eliminate this display? Thanks, Dave. -- http://agilemanifesto.org/principles.html () ascii ribbon campaign - against html mail /\- against proprietary attachments For assistance, see: http://www.expita.com/nomime.html ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Stable CVS 1.11.7 Released! (Derek Robert Price)
On Tue, Sep 30, 2003 at 03:10:08PM MDT, Larry Jones wrote: > David Everly writes: > > > > (Password is not displayed while typing it, but is displayed after > > pressing the ENTER key.) > > On what platform? > > -Larry Jones All three have the same behavior of showing the password (which was not present with 1.11.6). Output of "uname -a": AIX chanegw0 3 4 000110554C00 SunOS ndccsr02 5.8 Generic_108528-19 sun4u sparc SUNW,Ultra-Enterprise HP-UX chanhp9 B.11.11 U 9000/800 1877750441 unlimited-user license Configure parameters: ./configure --prefix=/opt/cvs-1.11.7 --without-krb4 --without-gssapi I am assuming this has something to do with the new internal getpass function...but not sure what. ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Stable CVS 1.11.7 Released! (Derek Robert Price)
David Everly writes: > > (Password is not displayed while typing it, but is displayed after > pressing the ENTER key.) On what platform? -Larry Jones You can never really enjoy Sundays because in the back of your mind you know you have to go to school the next day. -- Calvin ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Stable CVS 1.11.7 Released! (Derek Robert Price)
David Everly writes:
>
> All three have the same behavior of showing the password (which was
> not present with 1.11.6). Output of "uname -a":
>
>AIX chanegw0 3 4 000110554C00
>SunOS ndccsr02 5.8 Generic_108528-19 sun4u sparc SUNW,Ultra-Enterprise
>HP-UX chanhp9 B.11.11 U 9000/800 1877750441 unlimited-user license
By golly, so they do. The GNULIB version of getpass is defective, but
it doesn't show up on my BSD-derived system nor, presumably, on Linux.
Since passwords are read directly from the terminal, it's not tested in
the nightly testing. I've checked in a fix and I'll be sending it on to
the GNULIB folks. Here's a patch for anyone that wants it:
Index: getpass.c
===
RCS file: /cvs/ccvs/lib/getpass.c,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- getpass.c 29 Jul 2003 13:37:37 - 1.1.2.1
+++ getpass.c 30 Sep 2003 22:11:51 - 1.1.2.2
@@ -20,6 +20,9 @@
#endif
#include
+#ifndef SEEK_CUR
+#define SEEK_CUR 1
+#endif
#include
#include
#include "getline.h"
@@ -83,8 +86,11 @@
/* Remove the newline. */
buf[nread - 1] = '\0';
if (tty_changed)
- /* Write the newline that was not echoed. */
- putc ('\n', out);
+ {
+ /* Write the newline that was not echoed. */
+ if (out == in) fseek (out, 0, SEEK_CUR);
+ putc ('\n', out);
+ }
}
}
-Larry Jones
I sure like summer vacation. -- Calvin
___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
[lawrence.jones@eds.com: Re: Stable CVS 1.11.7 Released! (Derek Robert Price)]
Thanks Larry! This fixed it.
--- Begin Message ---
David Everly writes:
>
> All three have the same behavior of showing the password (which was
> not present with 1.11.6). Output of "uname -a":
>
>AIX chanegw0 3 4 000110554C00
>SunOS ndccsr02 5.8 Generic_108528-19 sun4u sparc SUNW,Ultra-Enterprise
>HP-UX chanhp9 B.11.11 U 9000/800 1877750441 unlimited-user license
By golly, so they do. The GNULIB version of getpass is defective, but
it doesn't show up on my BSD-derived system nor, presumably, on Linux.
Since passwords are read directly from the terminal, it's not tested in
the nightly testing. I've checked in a fix and I'll be sending it on to
the GNULIB folks. Here's a patch for anyone that wants it:
Index: getpass.c
===
RCS file: /cvs/ccvs/lib/getpass.c,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- getpass.c 29 Jul 2003 13:37:37 - 1.1.2.1
+++ getpass.c 30 Sep 2003 22:11:51 - 1.1.2.2
@@ -20,6 +20,9 @@
#endif
#include
+#ifndef SEEK_CUR
+#define SEEK_CUR 1
+#endif
#include
#include
#include "getline.h"
@@ -83,8 +86,11 @@
/* Remove the newline. */
buf[nread - 1] = '\0';
if (tty_changed)
- /* Write the newline that was not echoed. */
- putc ('\n', out);
+ {
+ /* Write the newline that was not echoed. */
+ if (out == in) fseek (out, 0, SEEK_CUR);
+ putc ('\n', out);
+ }
}
}
-Larry Jones
I sure like summer vacation. -- Calvin
--- End Message ---
___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
