Path: utzoo!attcan!uunet!know!cs.utexas.edu!yale!cmcl2!adm!news
From: emsca!usb!poc@sun.com
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Message-ID: <24752@adm.BRL.MIL>
Date: 11 Oct 90 15:00:59 GMT
Sender: news@adm.BRL.MIL
Lines: 21

Vadim G. Antonov <avg@hq.demos.su> writes:
> 	1) There should be UNMASKABLE method of killing all programs
> 	   reading this terminal. It may be a predefined sequence
> 	   of characters or a special hardware signal like BREAK or
> 	   CARRIER DROP. This feature should be hard-coded in TTY
> 	   driver.

A simpler solution is this: any non-privileged process writing a BEL
(Ctrl-G) to the terminal has it duplicated in the tt output queue, i.e.
	write (1, "\007", 1);
has the effect of
	write (1, "\007\007", 2);
Privileged processes on the other hand do not suffer this modification.
Now include a (single) BEL in e.g. the 'Password: ' prompt, y voila!
(Maybe you want it optional e.g. only in response to a BREAK).

This idea was used in the secure CAP operating system built at Cambridge
in the 70's. Credit goes (I think) to Chris Slinn.

Patrick O'Callaghan	"The secret is to bang the rocks together, folks"
Departamento de Computacion, Universidad Simon Bolivar, Caracas, Venezuela