Plaintext password input and the UNIX TTY mechanism

Source: Internet
Author: User
Tags: stdin ssh ftp
The question
A user on the internet raised the following question:
Code:
ssh root@a.b.c.cn mysqldump ABCD emp -u root -p > Emptoeee
root@a.b.c.cn password:
Enter password:
The first (system) password is invisible, but the second (MySQL) password is displayed in plaintext ...
The first password is clearly the one required for SSH password authentication, and the second should be the one required by the remote mysqldump, but why is the second password displayed in plaintext?
Analysis of the problem
In UNIX programming, a password is generally read with the getpass(3) function. Its prototype is:
Code:
#include <unistd.h>

char *getpass(const char *prompt);
Here prompt is the text shown before the password is entered, such as "Password:". As the getpass manual page says:
Code:
For glibc2, if /dev/tty cannot be opened, the prompt is written to
stderr and the password is read from stdin. There is no limit on the
length of the password. Line editing is not disabled.
That is, getpass reads the password from stdin when /dev/tty is not available, and from Advanced Programming in the UNIX Environment we know that stdin, stdout and stderr normally carry terminal (TTY) information. In that case glibc's getpass does the following:
Code:
/* "in" is the FILE * that getpass reads from: /dev/tty, or stdin as a fallback. */
if (__tcgetattr (fileno (in), &t) == 0)
  {
    /* Save the old one.  */
    s = t;
    /* Tricky, tricky.  */
    t.c_lflag &= ~(ECHO|ISIG);          /* turn off echo and signal characters */
    tty_changed = (tcsetattr (fileno (in), TCSAFLUSH|TCSASOFT, &t) == 0);
  }
When stdin has terminal attributes, this code successfully turns off the terminal's echo, so what we type is not displayed.
However, when we use tools such as netcat and forward input and output from the other end of the network through pipes, the remote program typically has its stdin, stdout and stderr redirected to the network. At that point the file descriptors for stdin and stdout have been replaced:
Code:
/* Duplicate the socket for the "child" program */
dup2 (ncsock->fd, STDIN_FILENO);     /* stdin now refers to the socket */
close (ncsock->fd);
dup2 (STDIN_FILENO, STDOUT_FILENO);  /* stdout and stderr follow it */
dup2 (STDIN_FILENO, STDERR_FILENO);
The above is netcat's code; at this point descriptors such as stdin are already a socket. getpass cannot perform its terminal operations, and the password that is typed is displayed directly on the remote terminal. The same applies to a one-off remote SSH command, where stdin is likewise assigned to the network socket. Moreover, from the output of ssh:
Code:
[gnap@osiris ~]$ ssh ftp bash -i
[gnap@ftp ~]$ su
standard in must be a tty
[gnap@ftp ~]$ exit
exit
[gnap@osiris ~]$
The remote bash does not print "no job control in this shell", so presumably stderr is not redirected. Therefore it is not recommended to run programs that need to operate a terminal in this way.
Workaround:
For security reasons, avoid using glibc's getpass to read passwords wherever possible. Instead, implement your own password input that, when a TTY cannot be obtained, prints a hint and exits (as su does), or hands off to a callback program to collect the password (as ssh does under X). In addition, as a security recommendation, any program that calls getpass should be run in an environment that has a terminal, to avoid the security implications of the password being displayed in plaintext.
