| Summary: | xdm gives away password length | ||
|---|---|---|---|
| Product: | xorg | Reporter: | Ferenc Wágner <wferi> |
| Component: | App/xdm | Assignee: | Alan Coopersmith <alan.coopersmith> |
| Status: | RESOLVED FIXED | QA Contact: | Xorg Project Team <xorg-team> |
| Severity: | normal | ||
| Priority: | medium | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
|
Description
Ferenc Wágner
2011-01-03 06:17:40 UTC
Really, someone close enough to count the number of pixels can count the number of times they heard your fingers press a key down - I can't get excited about this as a huge information leak. That said, I've been thinking about getting rid of this code anyway now that we have password asterisks for feedback, so it may go away or become configurable at some point. I mostly agree, but still wanted to relay the request. Your plan sounds perfectly good, thanks! Will be fixed by this pair of patches submitted to xorg-devel for review: http://patchwork.freedesktop.org/patch/4181/ http://patchwork.freedesktop.org/patch/4182/ Those who want a moving cursor after these patches can simply set: xlogin*echoPasswd: true xlogin*echoPasswdChar: in their Xresources to have a space for the echoed character. Revised fix pushed to git master: http://cgit.freedesktop.org/xorg/app/xdm/commit/?id=3297eb892017c850f25d3dc4a37095612a20a381 Now default is no response, previous behavior can be restored by: xlogin*echoPasswd: true xlogin*echoPasswdChar: (i.e. a blank echo character) Thanks for this feature! |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.