Subject: Re: Serious bug in passwd???
To: Anders Hogrelius <email@example.com>
From: David Maxwell <firstname.lastname@example.org>
Date: 03/18/2004 11:07:24
On Thu, 18 Mar 2004, Anders Hogrelius wrote:
> I just found out something that's seriously wrong in passwd. Since I use
> 1.6.1, I can't say if it's still left in -current or in 1.6.2. What
> happens is this: Lets say you change your mind, and dont want to change
> your password. Hit ctrl+C, right? - Wrong!!! It doesn't leave your
> password untouched, but instead writes a password with unprintable
I've tested, and it does not do that.
Firstly, to change your password, you are required to enter it twice.
If control characters were allowed, the two passwords would still be
required to match, which is unlikely if you're pressing things to break
out of the program.
Pressing Ctrl-C to break out of password does work, but because of the
state the terminal is in, you have to hit enter to get a visible
Try this: run passwd - when asked for your old passwd, press ^C, then
You neither get prompted for a new password, nor notified that you
didn't manage to type the old password - you just get a prompt back -
fairly normal for killing a process with ^C.
It could be argued that passwd ought to reset the tty settings and exit
cleanly on signals.
> Logout after it happens, and you can't get back in, or
> change your password since it will ask you for the old one. The problem
I suspect you changed your password during testing, and didn't realize
which one it still was set to.
David Maxwell, email@example.comfirstname.lastname@example.org -->
Net Musing #5: Redundancy in a network doesn't mean two of everything and
half the staff to run it.
- Tomas T. Peiser, CET