Hi, su password prompt is displayed to *stdout* instead of */dev/tty*. # su user $ su root -c date > /tmp/date 2>&1 (nothing displayed) $ cat /tmp/date Password:su: Sorry $ uname -a FreeBSD freebsd8.my.domain 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 I suppose this is a getpass() problem ? Regards, Cyrille Lefevre -- mailto:Cyrille.Lefevre-lists@laposte.net
Hi, Cyrille Lefevre wrote:> > Hi, > > su password prompt is displayed to *stdout* instead of */dev/tty*. > > # su user > $ su root -c date > /tmp/date 2>&1 > (nothing displayed) > $ cat /tmp/date > Password:su: Sorry > $ uname -a > FreeBSD freebsd8.my.domain 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov > 21 15:48:17 UTC 2009 > root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 > > I suppose this is a getpass() problem ? >I cannot reproduce this. In fact, su root -c date > /tmp/date hangs waiting for input. orion % su root -c date > /tmp/date ^C su: Sorry orion % less /tmp/date Password: orion % Also, you appear to be running an unpatched version of FreeBSD 8.0, subject to the rtld exploit (among a few others). I'd suggest upgrading. For what it's worth: orion % uname -a FreeBSD orion 8.0-STABLE FreeBSD 8.0-STABLE #20 r202187: Wed Jan 13 11:51:15 EST 2010 root@orion:/usr/obj/usr/src/sys/ORION amd64 Regards, -- Glen Barber
Cyrille Lefevre a ?crit :> > > sorry, repost to -standards w/ an s ! > > jhell a ?crit : >> On Sun, 24 Jan 2010 21:57, glen.j.barber@ wrote: >>> >>> Cyrille Lefevre wrote: >>>> >>>> su password prompt is displayed to *stdout* instead of */dev/tty*. >>>> >>>> # su user >>>> $ su root -c date > /tmp/date 2>&1 >>>> (nothing displayed) >>>> $ cat /tmp/date >>>> Password:su: Sorry >>>> $ uname -a >>>> FreeBSD freebsd8.my.domain 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov >>>> 21 15:48:17 UTC 2009 >>>> root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >>>> >>>> I suppose this is a getpass() problem ? >>>> >> >> This is intended operation as su(1) may not always be affiliated with >> a TTY. This leaves it open for a script to chat with much like what >> samba does with its passwd chat mechanism. > > just to feed the debate : > > aix 5.2 : prompt to tty > hp-ux : prompt to stderr > netbsd : prompt to tty > solaris 9 : prompt to stderr > solaris 10 : prompt to tty > openbsd : prompt to tty > ubuntu : prompt to stderr > > freebsd is the only one which prompt to stdout ! > IMHO, it should at least prompt to stderr if not tty... > and report errors to stderr as usually. > > CC -standardsfound it, the guilty is prompt() in src/contrib/openpam/lib/openpam_ttyconv.c and not getpass() as usual... => fputs(msg, stdout); which should be, IMHO, something like : FILE *ttyp; ttyp = fopen("/dev/tty", "w") if (!stdtty) ttyp = isatty(fileno(stderr)) ? stderr : stdout; fputs(msg, ttyp); or, at least : fputs(msg, stderr); Regards, Cyrille Lefevre -- mailto:Cyrille.Lefevre-lists@laposte.net
Has anyone checked what POSIX has to say about this? And does this issue affect more than just su? Doug -- Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/ Computers are useless. They can only give you answers. -- Pablo Picasso