authorEd Schouten <ed@FreeBSD.org>2009-05-21 16:19:54 +0000
committerEd Schouten <ed@FreeBSD.org>2009-05-21 16:19:54 +0000
commit770c15f60f023900ca40d1d91ee89ba3b08df29a (patch)
tree3492e44375525efbb4817fb3faa2bdb7a94bdbd8 /sys/kern/tty_inq.c
parentd422da9a0a969d4a1b82327fb10d63214e59cabc (diff)
Add a new sysctl: kern.tty_inq_flush_secure.
When enabled, all TTY input queue buffers are zeroed when flushing or closing the TTY. Because TTY input queues are also used to store filled-in passwords, this may be an interesting switch to enable for security-minded people.
Notes
Notes: svn path=/head/; revision=192544
Diffstat (limited to 'sys/kern/tty_inq.c')
-rw-r--r--sys/kern/tty_inq.c22
1 files changed, 8 insertions, 14 deletions
diff --git a/sys/kern/tty_inq.c b/sys/kern/tty_inq.c
index 60a13de4e0e1..0ef407935056 100644
--- a/sys/kern/tty_inq.c
+++ b/sys/kern/tty_inq.c
@@ -68,6 +68,9 @@ SYSCTL_ULONG(_kern, OID_AUTO, tty_inq_nfast, CTLFLAG_RD,
static unsigned long ttyinq_nslow = 0;
SYSCTL_ULONG(_kern, OID_AUTO, tty_inq_nslow, CTLFLAG_RD,
&ttyinq_nslow, 0, "Buffered reads to userspace on input");
+static int ttyinq_flush_secure = 0;
+SYSCTL_INT(_kern, OID_AUTO, tty_inq_flush_secure, CTLFLAG_RW,
+ &ttyinq_flush_secure, 0, "Zero buffers while flushing");
#define TTYINQ_QUOTESIZE (TTYINQ_DATASIZE / BMSIZE)
#define BMSIZE 32
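Review bot: `ttyinq_flush_secure` carries no comment, and the description string "Zero buffers while flushing" does not say which buffers or why, which matters for a security knob that defaults to 0. I would add above the variable `/* When non-zero, ttyinq_flush() zeroes the data of every input queue block so typed input such as passwords does not linger in kernel memory. */` and spell the description out as `"Zero TTY input queue buffers when flushing"`. Because the flag is CTLFLAG_RW and is read at flush time, it presumably only affects flushes that happen after it is set. Data left behind by earlier flushes stays until overwritten, and the sysctl's documentation should say so.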
@@ -376,28 +379,19 @@ ttyinq_findchar(struct ttyinq *ti, const char *breakc, size_t maxlen,
void
ttyinq_flush(struct ttyinq *ti)
{
+ struct ttyinq_block *tib = ti->ti_lastblock;
ti->ti_begin = 0;
ti->ti_linestart = 0;
ti->ti_reprint = 0;
ti->ti_end = 0;
-}
-
-#if 0
-void
-ttyinq_flush_safe(struct ttyinq *ti)
-{
- struct ttyinq_block *tib;
-
- ttyinq_flush(ti);
- /* Zero all data in the input queue to make it more safe */
- TAILQ_FOREACH(tib, &ti->ti_list, tib_list) {
- bzero(&tib->tib_quotes, sizeof tib->tib_quotes);
- bzero(&tib->tib_data, sizeof tib->tib_data);
+ /* Zero all data in the input queue to get rid of passwords. */
+ if (ttyinq_flush_secure) {
+ for (tib = ti->ti_firstblock; tib != NULL; tib = tib->tib_next)
+ bzero(&tib->tib_data, sizeof tib->tib_data);
}
}
-#endif
int
ttyinq_peekchar(struct ttyinq *ti, char *c, int *quote)
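Review bot: The new zeroing loop in ttyinq_flush() clears only `tib_data`, whereas the removed `ttyinq_flush_safe()` also cleared `tib_quotes`, so the per-character quote bitmap of the flushed input stays in the blocks. If that is deliberate, a comment saying so would help; otherwise add `bzero(&tib->tib_quotes, sizeof tib->tib_quotes);` inside the loop, with braces around the two statements. Separately, the initializer `= ti->ti_lastblock` on the declaration is dead, because `tib` is reassigned to `ti->ti_firstblock` before any use; `struct ttyinq_block *tib;` is enough.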