This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.



Re: [ak@muc.de] libc/796: getpass() is not usable for high security applications


In dist.glibc, article <909164175.5232@noris.de>,
  drepper@cygnus.com (Ulrich Drepper) writes:
> 
> This was indeed added for security reasons.  I cannot remember the
> details anymore, though.
> 
I can think of only one rationale -- force the user to wait for the
password prompt before typing the password.

If you typeahead the password, it will be visible because the tty is in
echo mode. That will allow somebody who looks at your screen to see the
password, which is arguably easier than to watch you type it.

-- 
Matthias Urlichs  |  noris network GmbH   |   smurf@noris.de  |  ICQ: 20193661
The quote was selected randomly. Really.    |      http://www.noris.de/~smurf/
-- 
Fear is the tax that the conscience pays to guilt.
                                -- Sewell
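
The typeahead effect described in the message above, reproduced on a Linux pseudo-terminal as an added example; it is not part of the original message and not glibc's code. `typeahead_demo` and `drain` are hypothetical names, and `TCSAFLUSH` as the way a prompt discards typeahead is an assumption, since the thread does not say what the change was.

```c
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <termios.h>
#include <unistd.h>

/* Count the bytes arriving on fd until it stays quiet for 200 ms. */
static int drain(int fd)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    char buf[128];
    ssize_t n;
    int total = 0;
    while (poll(&p, 1, 200) > 0 && (n = read(fd, buf, sizeof buf)) > 0)
        total += (int)n;
    return total;
}
/* Type `typed` into a Linux pty, then turn echo off with `action`.
 * *echoed = bytes the tty displayed, *kept = typeahead a read still gets. */
int typeahead_demo(const char *typed, int action, int *echoed, int *kept)
{
    struct termios t;
    char path[32];
    unsigned int num;
    int unlock = 0, rc = -1, s = -1;
    int m = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (m >= 0 && !ioctl(m, TIOCSPTLCK, &unlock) && !ioctl(m, TIOCGPTN, &num)) {
        snprintf(path, sizeof path, "/dev/pts/%u", num);
        s = open(path, O_RDWR | O_NOCTTY);
    }
    if (s >= 0 && tcgetattr(s, &t) == 0) {
        t.c_lflag |= ECHO | ICANON;          /* ordinary interactive tty */
        if (!tcsetattr(s, TCSANOW, &t) && write(m, typed, strlen(typed)) > 0) {
            *echoed = drain(m);              /* the screen already showed it */
            t.c_lflag &= ~(tcflag_t)ECHO;    /* the prompt turns echo off */
            rc = tcsetattr(s, action, &t);   /* TCSAFLUSH drops typeahead */
            *kept = drain(s);
        }
    }
    if (s >= 0) close(s);
    if (m >= 0) close(m);
    return rc;
}
int main(void)
{
    int e = 0, k = 0, rc = typeahead_demo("secret\n", TCSAFLUSH, &e, &k);
    return printf("rc=%d echoed=%d kept=%d\n", rc, e, k) < 0;
}
```

With `TCSANOW` in place of `TCSAFLUSH` the early keystrokes are both echoed and later accepted as the password; with `TCSAFLUSH` they are still echoed but must be retyped after the prompt.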
