rsalz@bbn.com (Rich Salz) (09/27/90)
This only works in C-shell derivatives. Type "goto <SomePassword>" and then enough blank lines to clear the screen. When you come back, type "<SomePassword>:" and RETURN. As an interesting exercise, type the following lines foo: csh exit goto foo -- Please send comp.sources.unix-related mail to rsalz@uunet.uu.net. Use a domain-based address or give alternate paths, or you may lose out.
pfalstad@phoenix.Princeton.EDU (Paul John Falstad) (09/28/90)
In article <2863@litchi.bbn.com> rsalz@bbn.com (Rich Salz) writes: >This only works in C-shell derivatives. Type "goto <SomePassword>" and >then enough blank lines to clear the screen. > >When you come back, type "<SomePassword>:" and RETURN. I hope someone tries that at my site so I can type control-D and then poke around in his account until he comes back to his terminal. >As an interesting exercise, type the following lines > foo: > csh > exit > goto foo Interesting. You can break out of it with kill -STOP $$. If Lafontaine's elk would spurn Tom Jones, the engine must be our head, the dining car our esophagus, the guardsvan our left lung, the kettle truck our shins, the first class compartment the piece of skin at the nape of the neck, and the level crossing an electric elk called Simon.
jls@hsv3.UUCP (James Seidman) (09/28/90)
In article <2863@litchi.bbn.com> rsalz@bbn.com (Rich Salz) writes: >This only works in C-shell derivatives. Type "goto <SomePassword>" and >then enough blank lines to clear the screen. > >When you come back, type "<SomePassword>:" and RETURN. Out of curiosity, what's to keep someone from just coming along and typing a ^D to get them out of this? A ^D will cause an end to the current input, and make it say "<SomePassword>: label not found." (Then leaving the shell wide open for someone to rm -r *.) -- Jim Seidman (Drax), the accidental engineer. UUCP: ames!vsi1!headland!jls ARPA: jls%headland.UUCP@ames.nasa.arc.gov
subbarao@phoenix.Princeton.EDU (Kartik Saligrama Subbarao) (09/28/90)
In article <2874@idunno.Princeton.EDU> pfalstad@phoenix.Princeton.EDU (Paul John Falstad) writes: >In article <2863@litchi.bbn.com> rsalz@bbn.com (Rich Salz) writes: >>This only works in C-shell derivatives. Type "goto <SomePassword>" and >>then enough blank lines to clear the screen. >> >>When you come back, type "<SomePassword>:" and RETURN. > >I hope someone tries that at my site so I can type control-D and then >poke around in his account until he comes back to his terminal. > >>As an interesting exercise, type the following lines >> foo: >> csh >> exit >> goto foo > >Interesting. You can break out of it with kill -STOP $$. Or a simple control - D followed by a control - C... -Kartik (I need a new .signature -- any suggestions?) subbarao@{phoenix or gauguin}.Princeton.EDU -|Internet kartik@silvertone.Princeton.EDU (NeXT mail) -| SUBBARAO@PUCC.BITNET - Bitnet
jms@tardis.Tymnet.COM (Joe Smith) (09/28/90)
In article <2863@litchi.bbn.com> rsalz@bbn.com (Rich Salz) writes:
This only works in C-shell derivatives. Type "goto <SomePassword>" and
then enough blank lines to clear the screen.
When you come back, type "<SomePassword>:" and RETURN.
The first thing I'd try if I saw a bunch of question marks on the screen is
Control-D. That breaks out of your little hack, and tells me the password.
--
Joe Smith (408)922-6220 | SMTP: jms@tardis.tymnet.com or jms@gemini.tymnet.com
BT Tymnet Tech Services | UUCP: ...!{ames,pyramid}!oliveb!tymix!tardis!jms
PO Box 49019, MS-C41 | BIX: smithjoe | 12 PDP-10s still running! "POPJ P,"
San Jose, CA 95161-9019 | humorous dislaimer: "My Amiga 3000 speaks for me."gt0815c@prism.gatech.EDU (Joseph Minieri) (09/28/90)
Compile this program and run it - I think it works better and is less a "hack":
#include <signal.h>
main()
{
char test[100];
signal(2,SIG_IGN);
signal(3,SIG_IGN);
signal(15,SIG_IGN);
signal(18,SIG_IGN);
strcpy(test,getpass("Key:"));
if(0 == strcmp(getpass("Again:"),test) ) {
while(0 != strcmp(test,getpass("")));
}
}
Joe Minieribrad@SSD.CSD.HARRIS.COM (Brad Appleton) (09/28/90)
In article <2874@idunno.Princeton.EDU> pfalstad@phoenix.Princeton.EDU (Paul John Falstad) writes: >In article <2863@litchi.bbn.com> rsalz@bbn.com (Rich Salz) writes: >>This only works in C-shell derivatives. Type "goto <SomePassword>" and >>then enough blank lines to clear the screen. >> >>When you come back, type "<SomePassword>:" and RETURN. > >I hope someone tries that at my site so I can type control-D and then >poke around in his account until he comes back to his terminal. > >>As an interesting exercise, type the following lines >> foo: >> csh >> exit >> goto foo > >Interesting. You can break out of it with kill -STOP $$. > >If Lafontaine's elk would spurn Tom Jones, the engine must be our head, the >dining car our esophagus, the guardsvan our left lung, the kettle truck our >shins, the first class compartment the piece of skin at the nape of the neck, >and the level crossing an electric elk called Simon. Ive been using the following lock-script for several years without any problems: NOTE: you will need to physically change all '^M's in the script to be CTRL-M (literally). I changed it to '^' 'M' for the sake of posting (and worrying it might get lost in translation). -------------------------------------------------------------------------------- #!/bin/sh # # lock - Bourne Shell lockscreen utility # # Created 5/19/88 by Brad Appleton # USAGE="usage: lock [-p] [-b] [-f [filename] ]" # # -p set-up a password for future uses of lock # -f get lock-message from file (or use default) # -b use Banner to display lock message # # if -f is not given then the lock message is taken from the command # line ("SCREEN LOCKED" is displayed if no args are given). # # The -p option need only be used the first time lock is invoked. # It will ask for a password, prompt for verification, then write it # to a hidden file with owner-read-only permission. This file is # used to get the password for all following invocations of lock # (unless of course you use -p to reset the password). # # NOTE # ==== # Once the screen is locked you must press a PHYSICAL LINEFEED # to get prompter for the user password. Return will not do it # since the keyboard is in raw mode to disable suspend signals. # (some signals can be caught by trap, others cant). # trap '' 1 2 3 14 15 ## turn off keyboard interrupts set -- `getopt fpb $*` ## parse command options (using getopt - yuck!) for i in $* ; do ## cycle thru opts case $i in -f) fFLAG="TRUE" ; shift;; --) shift; break;; -p) pFLAG="TRUE" ; shift;; -b) bFLAG="TRUE" ; shift;; esac done if [ "$fFLAG" ] ; then ## get name of file to display if [ $# -gt 0 ] ; then filename=$1 shift else filename="$HOME/.msgfile" fi ## if args fi ## if -f stty -echo ## turn echo mode off if [ "$pFLAG" ] ; then ## now get password echo "\nEnter password for locking: " pw=`line` echo "\nRetype password for verification: " verify=`line` if [ ! "$pw" = "$verify" ] ; then echo "+++ Mismatch - no password created +++" stty echo -raw ## turn echo mode back on (kill raw mode) exit 1 else ## create password file cat > $HOME/.lockpw <<EOD $pw EOD chmod 600 $HOME/.lockpw ## restrict access to password file fi else if [ ! -f $HOME/.lockpw ] ; then ## no password -- abort stty echo -raw echo "\nlock: use the -p option to create a password.\n\n$USAGE\n" exit 1 fi fi ## if -p if [ $# -eq 0 ] ; then ## get message to display mesg="SCREEN LOCKED" else mesg="$*" fi stty raw ## turn raw mode on to disable ^Z and ^Y done="FALSE" ## set loop condition while [ "$done" = "FALSE" ]; do ## display message clear if [ "$fFLAG" = "TRUE" -a -f "$filename" ] ; then sed 's/$/^M/' $filename ## hardcode those linefeeds elif [ "$bFLAG" = "TRUE" ] ; then banner $mesg | sed 's/$/^M/' else echo "^M\n^M\n^M\n^M\n^M\n^M\n^M\n^M\n" echo " $mesg^M" fi read input ## wait for a linefeed echo "^M\nEnter Password: ^M\n" ## get password read input pw=`cat $HOME/.lockpw` ## validate password" if [ "$input" = "$pw" \ -o "$input" = "$pw^M" \ -o "$input" = "$pw^M^M" ] ; then done="TRUE" else echo "^M\n+++ Password Incorrect +++" sleep 1 fi done stty echo -raw ## reset terminal clear exit ______________________ "And miles to go before I sleep." ______________________ Brad Appleton brad@travis.ssd.csd.harris.com Harris Computer Systems ...!uunet!hcx1!brad Fort Lauderdale, FL USA ~~~~~~~~~~~~~~~~~~~~ Disclaimer: I said it, not my company! ~~~~~~~~~~~~~~~~~~~
lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall) (09/29/90)
In article <1097@travis.csd.harris.com> brad@SSD.CSD.HARRIS.COM (Brad Appleton) writes:
: Ive been using the following lock-script for several years without any problems:
Offhand, I see several little problems with your lock script.
1) There's a race condition between creating .lockpw and and
protecting it as unreadable. If I write a little busy loop
trying to open your .lockpw file, I'll get your passwd when
you change it.
2) Writing the password file with a here-document also gives a
window on the temp file that the shell creates in /tmp. On
my system, it's readable by the world.
3) The length of .lockpw gives away the length of your password.
Human nature being what it is, a lot of people will have a .lockpw
that's 2 characters long, and one of them is a line feed.
4) Suppose you lock up your terminal with the password "fiddle".
On my machine at least, if I come up to your locked terminal
and type "!" as a password, I get the message
"test: unknown operator fiddle".
Oops.
5) You should force PATH to known directories, or at least check
that '.' is only at the end. Otherwise, if you're cd'ed to
a directory I have control of...
6) You probably shouldn't store the password in plain text. If
your disk partition is ever left readable by the world, your
password is visible. (Of course, if anyone can read the disk,
your terminal locker is probably the least of your worries.)
7) On systems without a builtin test, a ps at the proper moment will
show the test command with your password visible.
Other than that, it looks great! :-)
Larryurlichs@smurf.sub.org (Matthias Urlichs) (09/29/90)
In comp.unix.admin, article <2863@litchi.bbn.com>,
rsalz@bbn.com (Rich Salz) writes:
<
< As an interesting exercise, type the following lines [ to csh ]
< foo:
< csh
< exit
< goto foo
<
Neat...
% kill -STOP $$
% kill -9 %1
I don't know how to get out of this on a system without job control (assuming
that you don't want to kill the first shell). Any ideas?
--
Matthias Urlichs -- urlichs@smurf.sub.org -- urlichs@smurf.ira.uka.de /(o\
Humboldtstrasse 7 - 7500 Karlsruhe 1 - FRG -- +49+721+621127(0700-2330) \o)/karl@MorningStar.Com (Karl Fox) (10/03/90)
In article <2863@litchi.bbn.com> rsalz@bbn.com (Rich Salz) writes:
This only works in C-shell derivatives. Type "goto <SomePassword>" and
then enough blank lines to clear the screen.
When you come back, type "<SomePassword>:" and RETURN.
Except that ^D breaks it (on a Sun):
remora 104% csh
remora 101% goto SomePassword
?
? foo:
? csh
? exit
? goto foo
?
? ^C^C^C
? ^Z^Z^Z
?
? ^DSomePassword: label not found.
remora 102%
--
"I hear you guys deal with such dreck | Karl Fox, Morning Star Technologies
as SNA and X.25." -Ed Vielmetti | karl@MorningStar.Com