From 87b9e3f482bc0d85c8dc0c622fbb4b3b48d834dd Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Sat, 31 Dec 2005 19:20:50 +0000
Subject: Make useradd -p slightly less dangerous by overwriting the encrypted password in argv. This doesn't solve the problem; it just reduces the amount of time that encrypted password is available via ps. OK deraadt@ and krw@
---
 usr.sbin/user/user.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/usr.sbin/user/user.c b/usr.sbin/user/user.c
index b740fdd24ce..a18e76eb297 100644
--- a/usr.sbin/user/user.c
+++ b/usr.sbin/user/user.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: user.c,v 1.65 2005/08/27 23:12:36 deraadt Exp $ */
+/* $OpenBSD: user.c,v 1.66 2005/12/31 19:20:49 millert Exp $ */
 /* $NetBSD: user.c,v 1.69 2003/04/14 17:40:07 agc Exp $ */
 /*
@@ -1693,6 +1693,7 @@ useradd(int argc, char **argv)
 #ifdef EXTENSIONS
 case 'p':
 memsave(&u.u_password, optarg, strlen(optarg));
+ memset(optarg, 'X', strlen(optarg));
 break;
 #endif
 #ifdef EXTENSIONS
@@ -1825,6 +1826,7 @@ usermod(int argc, char **argv)
 #ifdef EXTENSIONS
 case 'p':
 memsave(&u.u_password, optarg, strlen(optarg));
+ memset(optarg, 'X', strlen(optarg));
 u.u_flags |= F_PASSWORD;
 break;
 #endif
-- 
cgit v1.2.3
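Review bot: The added `memset(optarg, 'X', strlen(optarg));` in the `case 'p':` branch of useradd() carries no comment saying why argv is being overwritten, and the identical line in usermod()'s `case 'p':` (third hunk) lacks one too, so a later cleanup could remove either as a pointless store. I would put `/* scrub the encrypted password from argv so ps(1) stops showing it; it stays visible from exec until here */` above both calls. The overwrite keeps the original length, so the length of the hash (and with it, probably, the hash scheme) remains readable in the process listing; that fits the stated goal of only narrowing the window, but the comment should say so. Both switch statements begin and end outside these hunks, and the change relies on memsave() copying the string rather than keeping the pointer, which is not visible here.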