[hackers] [ubase][PATCH] login: obfuscate non-existent users

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: ilmich <ardutu_AT_gmail.com>
Date: Mon, 3 Dec 2018 12:44:19 +0100

---
 login.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/login.c b/login.c
index 25a59e4..9e1b08f 100644
--- a/login.c
+++ b/login.c
_AT_@ -76,6 +76,7 @@ main(int argc, char *argv[])
  uid_t uid;
  gid_t gid;
  int pflag = 0;
+ int fakelogin = 0;
  ARGBEGIN {
  case 'p':
_AT_@ -97,22 +98,24 @@ main(int argc, char *argv[])
  if (!pw) {
  if (errno)
  eprintf("getpwnam %s:", user);
- else
- eprintf("who are you?\n");
+ else {
+ /* eprintf("who are you?\n"); fake login instead of showing error */
+ fakelogin = 1;
+ }
  }
- uid = pw->pw_uid;
- gid = pw->pw_gid;
-
  /* Flush pending input */
  ioctl(0, TCFLSH, (void *)0);
  pass = getpass("Password: ");
  if (!pass)
  eprintf("getpass:");
- if (pw_check(pw, pass) <= 0)
+ if (fakelogin || pw_check(pw, pass) <= 0)
  exit(1);
+ uid = pw->pw_uid;
+ gid = pw->pw_gid;
+
  tty = ttyname(0);
  if (!tty)
  eprintf("ttyname:");
-- 
2.14.5

Received on Mon Dec 03 2018 - 12:44:19 CET

This archive was generated by hypermail 2.3.0 : Mon Dec 03 2018 - 12:48:22 CET