Subject: Re: Cautionary Tale: New Install/root Password/Keyboard Layout
To: None <netbsd-users@netbsd.org>
From: felix zaslavskiy <felix@students.poly.edu>
List: netbsd-users
Date: 07/04/2003 04:49:56
On Thu, 2003-07-03 at 21:59, Nick Boyce wrote:
> This cautionary tale seems worth sharing - even if only with the
> archives - it may save somebody else as unwary as me from a silly
> fresh install situation.
> 
> I recently set up a new NetBSD 1.6.1/i386 box.  During the
> installation I got prompted to set the root password as usual, and on
> attempting to enter a string of all lowercase characters - guessable
> only by me of course :-) - was asked to reconsider my foolishness and
> use some punctuation .. or an uppercase character .. in the
> time-honoured fashion.  

For some reason this got me curious a bit. 
Traditionaly in unix any ascii code 1-127 is valid to be put in a
password.  You would have a hard time having your tty generating some of
those ascii codes from a keyboard and i am sure there is some
combinations of keys you can press to get the exact ascii code.

I did some pocking around and i came up with a way to send arbitrary
string of characters to a program like passwd bypassing the keyboard all
together.

Asssuing you have bash thats what i used. 
Not this will not work actualy work. Why thats the case i leave it for
you to figure out.

#chmod a-rw /dev/tty
su unprivuser
bash$ echo -n $'oldpass\nmypassword\nmypassword\n' | passwd

now if you wanted to make yourself a weird password with say a Carrige
return in it not so hard because CR is simply D in hex.

bash$ echo -n $'password\x0D\npassword\x0D\n' | passwd



> 
> Being in a rush, and having in front of me a standard UK keyboard, my
> eyes quickly settled on the handy "\" key (backslash) which is
> conveniently located on the bottom left-hand corner of a UK keyboard
> ... between left-shift and "z" ... so I put one of those into the
> password.  
> 
> The installation duly completed without incident, and I did the first
> reboot ... and logged in as root at the console.  Fairly quickly I
> realised the keyboard layout was wrong for the UK (hash, pound, and
> "at" in the wrong places, etc.), so I did a quick man wscons (new to
> me - the last fresh install I did was NetBSD 1.4.1), and made the
> following one-line change to wscons.conf :
> 
>   old: #encoding sv
> 
>   new: encoding uk
> 
> and rebooted.
> 
> Aaarrgh.  I could no longer login as root, because that backslash
> character I'd entered in the root password was, of course, *not* a
> backslash at the time I entered it.  I googled, and surfed for
> keyboard layout information, for all I was worth, for about an hour,
> trying desperately to find out what that key is on a US keyboard - but
> there isn't actually a key to the left of "z" on a US keyboard it
> seems.  Or if there is, I couldn't figure it out.
> 
> I tried pretty much every punctuation character on the keyboard,
> shifted, and Alt'ed, but nothing generated whatever the mystery
> character code needed to be.
> 
> So in the end I rebooted from the NetBSD installation CD, exited the
> installer, mounted my root partition, and edited wscons.conf back to
> the default state again ... it was the quickest way out of this silly
> mess.
> 
> I was moved by my experience to wonder whether the NetBSD installer
> should display a warning (perhaps just for us foreigners) just before
> it asks you to set the root password (have we already told it where we
> are in the world by then ?  I can't remember), pointing out that you
> should avoid any characters that might move about when the keyboard
> layout is reconfigured, (often done promptly after the initial
> install).
> 
> I know this is newbie stuff, so I'll go with whatever you developer
> folks think - I know you know best ;-)
> 
> Cheers
> Nick Boyce
> Bristol, UK
> --
> "... the fundamental design flaws are completely hidden by the
> superficial design flaws."
> Douglas Adams(1952 - 2001): So Long and Thanks For All The Fish.
>