RE: Stable CVS 1.11.7 Released! (Derek Robert Price)
Under cvs-1.11.7, the password is displayed on the client screen as follows: cvs login (Password is not displayed while typing it, but is displayed after pressing the ENTER key.) I know pserver in general is not very secure, but is there any way to have a patch or fix that might eliminate this display? Thanks, Dave. -- http://agilemanifesto.org/principles.html () ascii ribbon campaign - against html mail /\- against proprietary attachments For assistance, see: http://www.expita.com/nomime.html ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Stable CVS 1.11.7 Released! (Derek Robert Price)
On Tue, Sep 30, 2003 at 03:10:08PM MDT, Larry Jones wrote: > David Everly writes: > > > > (Password is not displayed while typing it, but is displayed after > > pressing the ENTER key.) > > On what platform? > > -Larry Jones All three have the same behavior of showing the password (which was not present with 1.11.6). Output of "uname -a": AIX chanegw0 3 4 000110554C00 SunOS ndccsr02 5.8 Generic_108528-19 sun4u sparc SUNW,Ultra-Enterprise HP-UX chanhp9 B.11.11 U 9000/800 1877750441 unlimited-user license Configure parameters: ./configure --prefix=/opt/cvs-1.11.7 --without-krb4 --without-gssapi I am assuming this has something to do with the new internal getpass function...but not sure what. ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Stable CVS 1.11.7 Released! (Derek Robert Price)
David Everly writes: > > (Password is not displayed while typing it, but is displayed after > pressing the ENTER key.) On what platform? -Larry Jones You can never really enjoy Sundays because in the back of your mind you know you have to go to school the next day. -- Calvin ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Stable CVS 1.11.7 Released! (Derek Robert Price)
David Everly writes: > > All three have the same behavior of showing the password (which was > not present with 1.11.6). Output of "uname -a": > >AIX chanegw0 3 4 000110554C00 >SunOS ndccsr02 5.8 Generic_108528-19 sun4u sparc SUNW,Ultra-Enterprise >HP-UX chanhp9 B.11.11 U 9000/800 1877750441 unlimited-user license By golly, so they do. The GNULIB version of getpass is defective, but it doesn't show up on my BSD-derived system nor, presumably, on Linux. Since passwords are read directly from the terminal, it's not tested in the nightly testing. I've checked in a fix and I'll be sending it on to the GNULIB folks. Here's a patch for anyone that wants it: Index: getpass.c === RCS file: /cvs/ccvs/lib/getpass.c,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- getpass.c 29 Jul 2003 13:37:37 - 1.1.2.1 +++ getpass.c 30 Sep 2003 22:11:51 - 1.1.2.2 @@ -20,6 +20,9 @@ #endif #include +#ifndef SEEK_CUR +#define SEEK_CUR 1 +#endif #include #include #include "getline.h" @@ -83,8 +86,11 @@ /* Remove the newline. */ buf[nread - 1] = '\0'; if (tty_changed) - /* Write the newline that was not echoed. */ - putc ('\n', out); + { + /* Write the newline that was not echoed. */ + if (out == in) fseek (out, 0, SEEK_CUR); + putc ('\n', out); + } } } -Larry Jones I sure like summer vacation. -- Calvin ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
[lawrence.jones@eds.com: Re: Stable CVS 1.11.7 Released! (Derek Robert Price)]
Thanks Larry! This fixed it. --- Begin Message --- David Everly writes: > > All three have the same behavior of showing the password (which was > not present with 1.11.6). Output of "uname -a": > >AIX chanegw0 3 4 000110554C00 >SunOS ndccsr02 5.8 Generic_108528-19 sun4u sparc SUNW,Ultra-Enterprise >HP-UX chanhp9 B.11.11 U 9000/800 1877750441 unlimited-user license By golly, so they do. The GNULIB version of getpass is defective, but it doesn't show up on my BSD-derived system nor, presumably, on Linux. Since passwords are read directly from the terminal, it's not tested in the nightly testing. I've checked in a fix and I'll be sending it on to the GNULIB folks. Here's a patch for anyone that wants it: Index: getpass.c === RCS file: /cvs/ccvs/lib/getpass.c,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- getpass.c 29 Jul 2003 13:37:37 - 1.1.2.1 +++ getpass.c 30 Sep 2003 22:11:51 - 1.1.2.2 @@ -20,6 +20,9 @@ #endif #include +#ifndef SEEK_CUR +#define SEEK_CUR 1 +#endif #include #include #include "getline.h" @@ -83,8 +86,11 @@ /* Remove the newline. */ buf[nread - 1] = '\0'; if (tty_changed) - /* Write the newline that was not echoed. */ - putc ('\n', out); + { + /* Write the newline that was not echoed. */ + if (out == in) fseek (out, 0, SEEK_CUR); + putc ('\n', out); + } } } -Larry Jones I sure like summer vacation. -- Calvin --- End Message --- ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs