diff options
author | Ed Schouten <ed@FreeBSD.org> | 2009-05-21 16:19:54 +0000 |
---|---|---|
committer | Ed Schouten <ed@FreeBSD.org> | 2009-05-21 16:19:54 +0000 |
commit | 770c15f60f023900ca40d1d91ee89ba3b08df29a (patch) | |
tree | 3492e44375525efbb4817fb3faa2bdb7a94bdbd8 /sys/kern/tty_inq.c | |
parent | d422da9a0a969d4a1b82327fb10d63214e59cabc (diff) | |
download | src-770c15f60f023900ca40d1d91ee89ba3b08df29a.tar.gz src-770c15f60f023900ca40d1d91ee89ba3b08df29a.zip |
Add a new sysctl: kern.tty_inq_flush_secure.
When enabled all TTY input queue buffers are zeroed when flushing or
closing the TTY. Because TTY input queues are also used to store filled
in passwords, this may be an interesting switch to enable for security
minded people.
Notes
Notes:
svn path=/head/; revision=192544
Diffstat (limited to 'sys/kern/tty_inq.c')
-rw-r--r-- | sys/kern/tty_inq.c | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/sys/kern/tty_inq.c b/sys/kern/tty_inq.c index 60a13de4e0e1..0ef407935056 100644 --- a/sys/kern/tty_inq.c +++ b/sys/kern/tty_inq.c @@ -68,6 +68,9 @@ SYSCTL_ULONG(_kern, OID_AUTO, tty_inq_nfast, CTLFLAG_RD, static unsigned long ttyinq_nslow = 0; SYSCTL_ULONG(_kern, OID_AUTO, tty_inq_nslow, CTLFLAG_RD, &ttyinq_nslow, 0, "Buffered reads to userspace on input"); +static int ttyinq_flush_secure = 0; +SYSCTL_INT(_kern, OID_AUTO, tty_inq_flush_secure, CTLFLAG_RW, + &ttyinq_flush_secure, 0, "Zero buffers while flushing"); #define TTYINQ_QUOTESIZE (TTYINQ_DATASIZE / BMSIZE) #define BMSIZE 32 @@ -376,28 +379,19 @@ ttyinq_findchar(struct ttyinq *ti, const char *breakc, size_t maxlen, void ttyinq_flush(struct ttyinq *ti) { + struct ttyinq_block *tib = ti->ti_lastblock; ti->ti_begin = 0; ti->ti_linestart = 0; ti->ti_reprint = 0; ti->ti_end = 0; -} - -#if 0 -void -ttyinq_flush_safe(struct ttyinq *ti) -{ - struct ttyinq_block *tib; - - ttyinq_flush(ti); - /* Zero all data in the input queue to make it more safe */ - TAILQ_FOREACH(tib, &ti->ti_list, tib_list) { - bzero(&tib->tib_quotes, sizeof tib->tib_quotes); - bzero(&tib->tib_data, sizeof tib->tib_data); + /* Zero all data in the input queue to get rid of passwords. */ + if (ttyinq_flush_secure) { + for (tib = ti->ti_firstblock; tib != NULL; tib = tib->tib_next) + bzero(&tib->tib_data, sizeof tib->tib_data); } } -#endif int ttyinq_peekchar(struct ttyinq *ti, char *c, int *quote) |