[sudo-workers] Interactively Reading Passwords From A Terminal
evan at eklitzke.org
Wed Jul 26 15:06:49 MDT 2017
This question is perhaps a little bit off topic, but it's puzzled me for a
while now, and I figure if anyone knows a real technical explanation, it
would be the sudo developers.
Many programs on Unix systems need to interactively read a password from a
terminal. Obviously, sudo is a well known example of such a program.
However, there are many others, e.g. you may need to enter a password to
connect to a SQL database, to GPG decrypt some files, etc.
Before reading a password, the program should put the terminal into noecho
mode, so that the password isn't displayed as the user types it in. I have
seen two different ways of doing this. Programs such as sudo and gpg create
a pseudo-tty (pty) by opening /dev/tty, use an ioctl to put the pty into
noecho mode, and then read the password from the pty file descriptor.
Technically this is configurable -- sudo is capable of reading from stdin
-- but opening /dev/tty is the default behavior of sudo. Some other programs
(usually written by people who I suspect have more shallow Unix systems
programming expertise) do not create a pty: instead, they always put stdin
(i.e. file descriptor 0) into noecho mode, read the password from stdin, and
then restore stdin back to echo mode.
What is the rationale behind using a pty via /dev/tty instead of just using
stdin? I looked at the relevant code in the sudo source repo
(src/tgetpass.c) and it doesn't explain why /dev/tty is preferred.
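As an added example, not code from the post or from sudo's src/tgetpass.c, the following C program shows both mechanisms the question describes on a POSIX system: disabling ECHO with termios on whatever descriptor it is handed, and opening /dev/tty to reach the controlling terminal directly. The function names `set_echo`, `read_password_fd`, `read_password_tty` and `demo_pipe` are chosen here; the input fed through the pipe is constructed sample data.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Turn ECHO on or off for fd, saving the previous settings in *saved.
 * Returns -1 with errno set when fd is not a terminal (ENOTTY for a
 * pipe or regular file), which is exactly the case a stdin-only reader
 * has to cope with when its input is redirected. */
static int set_echo(int fd, int on, struct termios *saved)
{
    struct termios t;
    if (tcgetattr(fd, &t) == -1)
        return -1;
    *saved = t;
    if (on)
        t.c_lflag |= ECHO;
    else
        t.c_lflag &= ~(tcflag_t)ECHO;
    return tcsetattr(fd, TCSAFLUSH, &t);
}

/* Read one line into buf without the trailing newline, one byte at a
 * time so nothing after the newline is consumed. Returns bytes stored. */
static ssize_t read_line(int fd, char *buf, size_t len)
{
    size_t n = 0;
    while (n + 1 < len) {
        char c;
        ssize_t r = read(fd, &c, 1);
        if (r == -1) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (r == 0 || c == '\n')
            break;
        buf[n++] = c;
    }
    buf[n] = '\0';
    return (ssize_t)n;
}

/* Read a password from fd. If fd is a terminal, echo is disabled for the
 * read and restored afterwards; otherwise the line is read as-is and
 * *echo_disabled (if non-NULL) reports 0. Returns bytes stored or -1. */
ssize_t read_password_fd(int fd, char *buf, size_t len, int *echo_disabled)
{
    struct termios saved;
    int restore = 0;
    ssize_t n;

    if (set_echo(fd, 0, &saved) == 0)
        restore = 1;
    else if (errno != ENOTTY)
        return -1;
    if (echo_disabled)
        *echo_disabled = restore;

    n = read_line(fd, buf, len);
    if (restore) {
        int e = errno;
        tcsetattr(fd, TCSAFLUSH, &saved);
        /* The user's Enter was swallowed without echo; emit a newline. */
        ssize_t w = write(fd, "\n", 1);
        (void)w;
        errno = e;
    }
    return n;
}

/* Read a password from the controlling terminal, ignoring stdin entirely.
 * open() fails when the process has no controlling terminal. */
ssize_t read_password_tty(const char *prompt, char *buf, size_t len)
{
    int fd = open("/dev/tty", O_RDWR | O_CLOEXEC);
    if (fd == -1)
        return -1;
    if (prompt && write(fd, prompt, strlen(prompt)) == -1) {
        close(fd);
        return -1;
    }
    ssize_t n = read_password_fd(fd, buf, len, NULL);
    close(fd);
    return n;
}

/* Offline demonstration: feed a constructed line through a pipe, which is
 * not a terminal, so the ENOTTY path is exercised. Returns bytes stored. */
int demo_pipe(char *out, size_t len, int *echo_disabled)
{
    static const char constructed[] = "hunter2\n"; /* constructed input */
    int p[2];
    if (pipe(p) == -1)
        return -1;
    if (write(p[1], constructed, sizeof constructed - 1) == -1)
        return -1;
    close(p[1]);
    ssize_t n = read_password_fd(p[0], out, len, echo_disabled);
    close(p[0]);
    return (int)n;
}

int main(void)
{
    char pw[128];
    ssize_t n = read_password_tty("Password: ", pw, sizeof pw);
    if (n == -1) {
        perror("read_password_tty");
        return 1;
    }
    printf("read %zd bytes (not echoed)\n", n);
    memset(pw, 0, sizeof pw); /* scrub the secret before exit */
    return 0;
}
```

Run interactively, `main` prompts on the controlling terminal even when stdin is redirected (`./a.out < /dev/null` still prompts), because /dev/tty always names the controlling terminal rather than file descriptor 0. A reader that only knows stdin sees `tcgetattr` fail with ENOTTY as soon as input comes from a pipe or file, and must decide whether to read the password in the clear or refuse.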