[TUHS] Recovered /etc/passwd files

Royce Williams royce at techsolvency.com
Sat Oct 19 04:32:37 AEST 2019


On Fri, Oct 18, 2019 at 7:01 AM Royce Williams <royce at techsolvency.com> wrote:

> What originally caught my attention was the logic behind enforcing password quality in passwd.c during a specific era of BSD code, which exited ambiguously in a double negative of sorts, where control characters were not disallowed during password entry. (I'll try to dig up the source.)

Specifically, see the eras in which passwd.c looked something like this:

https://github.com/dank101/4.2BSD/blob/708b3890ac0c2f034f2840b5ee9125b3c83a05bc/bin/passwd.c#L69-L107

        while (c = *p++) {
                if (c >= 'a' && c <= 'z')
                        flags |= 2;
                else if (c >= 'A' && c <= 'Z')
                        flags |= 4;
                else if (c >= '0' && c <= '9')
                        flags |= 1;
                else
                        flags |= 8;
        }
        if (flags >= 7 && pwlen >= 4)
                ok = 1;

I was intrigued that the "special characters" character set was
defined negatively, such that control characters would also count.


Royce
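
Added example, not part of the original message or of the 4.2BSD source: the excerpt's classification wrapped in a function, beside a hypothetical variant in which only printable punctuation counts as "special". The function and enum names are illustrative, the sample passwords are constructed, and pwlen is assumed to be the length of the entered string.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Bit values as used in the excerpt. */
enum { F_DIGIT = 1, F_LOWER = 2, F_UPPER = 4, F_OTHER = 8 };

/* Classification as in the excerpt: any byte that is not a letter or a
 * digit falls through to the final else and sets bit 8. */
static int flags_excerpt(const char *p)
{
    int c, flags = 0;
    while ((c = (unsigned char)*p++) != 0) {
        if (c >= 'a' && c <= 'z')      flags |= F_LOWER;
        else if (c >= 'A' && c <= 'Z') flags |= F_UPPER;
        else if (c >= '0' && c <= '9') flags |= F_DIGIT;
        else                           flags |= F_OTHER;
    }
    return flags;
}

/* Hypothetical positive definition: only printable punctuation sets
 * bit 8; control characters and other bytes set no flag at all. */
static int flags_positive(const char *p)
{
    int c, flags = 0;
    while ((c = (unsigned char)*p++) != 0) {
        if (c >= 'a' && c <= 'z')      flags |= F_LOWER;
        else if (c >= 'A' && c <= 'Z') flags |= F_UPPER;
        else if (c >= '0' && c <= '9') flags |= F_DIGIT;
        else if (ispunct(c))           flags |= F_OTHER;
    }
    return flags;
}

/* Acceptance test from the excerpt (assumption: pwlen == strlen(pw)). */
static int ok_with(int (*classify)(const char *), const char *pw)
{
    return classify(pw) >= 7 && strlen(pw) >= 4;
}

int main(void)
{
    const char *s[] = { "abcd", "ab\001d", "ab!d", "aB3d" }; /* constructed */
    for (size_t i = 0; i < sizeof s / sizeof *s; i++)
        printf("sample %zu: excerpt=%d positive=%d\n", i,
               ok_with(flags_excerpt, s[i]), ok_with(flags_positive, s[i]));
    return 0;
}
```

Because bit 8 on its own already satisfies `flags >= 7`, a single control character is enough for the excerpt's check to accept a four-character password.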

