[sudo-workers] Interactively Reading Passwords From A Terminal

[Evan Klitzke]

Hi,

This question is perhaps a little bit off topic, but it's puzzled me for a
while now, and I figure if anyone knows a real technical explanation, it
would be the sudo developers.

Many programs on Unix systems need to interactively read a password from a
terminal. Obviously, sudo is a well known example of such a program.
However, there are many others, e.g. you may need to enter a password to
connect to a SQL database, to GPG decrypt some files, etc.

Before reading a password, the program should put the terminal into noecho
mode, so that the password isn't displayed as the user types it in. I have
seen two different ways of doing this. Programs such as sudo and gpg create
a pseudo-tty (pty) by opening /dev/tty, use an ioctl to put the pty into
noecho mode, and then read the password from the pty file descriptor.
Tehcnically this is configurable -- sudo is capable of reading from stdin
-- by opening /dev/tty is the default behavior of sudo. Some other programs
(usually written by people who I suspect have more shallow Unix systems
programming expertise) do not create a pty: instead, they always put stdin
(i.e. file descriptor 0) into noecho mode read the password from stdin, and
then restore stdin back to echo mode.

What is the rationale behind using a pty via /dev/tty instead of just using
stdin? I looked at the relevant code in the sudo source repo
(src/tgetpass.c) and it doesn't explain why /dev/tty is preferred.

Thanks,
Evan Klitzke
-- 
Evan Klitzke
https://eklitzke.org/