whither 1.00's "passwd -p ..." ?
Paul Fox
pgf at brightstareng.com
Thu Jul 5 13:58:05 UTC 2007
vda wrote:
>
> piping password is indeed safe(r) since it is not visible in ps
> (echo is sheel internal builtin and won't show up in ps either).
a while ago we thought we had need of the password-from-stdin
feature, and i did manage to get busybox passwd to do it, though
i don't recommend it. i include it here for your amusement, or
horror, as you wish. this is mail i sent to a colleage at the
time:
i wrote:
> the reason the busybox passwd command doesn't work when the passwords
> are on stdin like this:
> echo -e 'thistest\nthistest' | passwd root
>
> is that because stdin isn't line-buffered, the whole string, including
> the newline, is consumed in answer to the first "Enter new password:"
> prompt, so there's nothing left for the "Re-enter new password:" prompt.
>
> however, busybox does truncate the response at the newline. so
> to get it to work (WARNING! this is REALLY REALLY UGLY), you "simply"
> cause the first read() to be exactly satisfied with the first response,
> and provide the second response after that. the read() size in
> this version of busybox is 255, so this command:
> (echo -e
> 'xyzzy\njjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
> jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
> jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
> jjjjjjjjjjjjjjjj'; echo xyzzy) | passwd root
>
> does reset the password. (that's enough 'j's to make the
> first echo produce exactly 255 characters.)
>
> the latest busybox has unchanged behavior, except the the buffer
> is shorter -- only 63 characters total. so (unsurprisingly) a
> script based on this technique would not survive a busybox
> upgrade.
in the end, we decided we didn't need the feature, so i'm afraid
i have no patch to offer, in compensation for making you read the
above atrocious solution. :-)
paul
=---------------------
paul fox, pgf at brightstareng.com
More information about the busybox
mailing list