[TUHS] Recovered /etc/passwd files
John P. Linderman
jpl.jpl at gmail.com
Sat Oct 19 23:11:10 AEST 2019
Related story. A user came to us with a problem while we were in our
computer room. We asked him to log in at the VAX console, so we could look
into the problem. Moments later, dozens of users flooded in, asking what
had happened. Seems the first user had a CTRL-P in his password, which,
when entered at the console, triggered the VAX to pause.
On Fri, Oct 18, 2019 at 2:34 PM Royce Williams <royce at techsolvency.com>
wrote:
> On Fri, Oct 18, 2019 at 7:01 AM Royce Williams <royce at techsolvency.com>
> wrote:
>
> > What original caught my attention was the logic behind enforcing
> password quality in passwd.c during a specific era of BSD code, which
> exited ambiguously in a double negative of sorts, where control characters
> were not disallowed during password entry. (I'll try to dig up the source.)
>
> Specifically, see the eras in which passwd.c looked something like this:
>
>
> https://github.com/dank101/4.2BSD/blob/708b3890ac0c2f034f2840b5ee9125b3c83a05bc/bin/passwd.c#L69-L107
>
> while (c = *p++) {
> if (c >= 'a' && c <= 'z')
> flags |= 2;
> else if (c >= 'A' && c <= 'Z')
> flags |= 4;
> else if (c >= '0' && c <= '9')
> flags |= 1;
> else
> flags |= 8;
> }
> if (flags >= 7 && pwlen >= 4)
> ok = 1;
>
> I was intrigued that the "special characters" character set was
> defined negatively, such that control characters would also count.
>
>
> Royce
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20191019/1f282a8c/attachment.html>
More information about the TUHS
mailing list