Reading Passwords From /dev/tty
evan at eklitzke.org
Tue Aug 1 07:26:03 CEST 2017
I have a question about something I've seen in the GnuPG source code, and I
hope someone here knows the answer.

Many Unix programs, including GPG, read from /dev/tty when reading a
password. In GnuPG the code for this lives in common/ttyio.c, in particular
via tty_get_hidden() which calls do_get(). As I understand it, you get a
pseudo-TTY (pty) file descriptor when you open /dev/tty, and then that fd
is put into no echo mode before reading the password. This is also how sudo
reads passwords (by default anyway, it has a mode to fall back to stdin).

I have seen some other projects that read passwords by putting stdin into
no echo mode, and then literally just reading from stdin. This *does* seem
to work (assuming you make sure to restore echoing after reading the
password!), but I am curious why projects like GPG and sudo prefer using
/dev/tty. Does anyone know what the argument is for using a pseudo-TTY?
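The approach described in the message above (open /dev/tty, switch echo off, read, restore echo), as an added C example that is not part of the original post and is not GnuPG's or sudo's code; `echo_off`, `read_line` and `read_password` are names invented here. Keeping `echo_off` separate shows one practical difference from the stdin approach: `tcgetattr` fails on a stdin that is a pipe or file, while /dev/tty still reaches the controlling terminal.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Save fd's settings and turn echo off; -1 if fd is not a terminal (a pipe). */
int echo_off(int fd, struct termios *saved)
{
    if (tcgetattr(fd, saved) != 0) return -1;
    struct termios t = *saved;
    t.c_lflag &= ~(tcflag_t)ECHO;
    return tcsetattr(fd, TCSAFLUSH, &t); /* TCSAFLUSH also drops type-ahead */
}

/* Read one line, minus the newline, into buf. Returns its length or -1. */
ssize_t read_line(int fd, char *buf, size_t cap)
{
    size_t n = 0;
    ssize_t r; char c;
    if (cap == 0) return -1;
    while ((r = read(fd, &c, 1)) == 1 && c != '\n')
        if (n + 1 < cap) buf[n++] = c; /* silently truncate long input */
    buf[n] = '\0';
    return r < 0 ? -1 : (ssize_t)n;
}

/* Prompt on and read from the controlling terminal, whatever stdin is. */
ssize_t read_password(const char *prompt, char *buf, size_t cap)
{
    struct termios saved;
    ssize_t n = -1;
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    if (fd < 0) return -1; /* no controlling terminal */
    if (write(fd, prompt, strlen(prompt)) >= 0 && echo_off(fd, &saved) == 0) {
        n = read_line(fd, buf, cap); /* echo is restored on the next line */
        if (tcsetattr(fd, TCSAFLUSH, &saved) != 0 || write(fd, "\n", 1) != 1)
            n = -1;
    }
    close(fd);
    return n;
}

int main(void)
{
    char pw[128];
    ssize_t n = read_password("Password: ", pw, sizeof pw);
    if (n >= 0) printf("read %zd characters\n", n);
    return n < 0;
}
```

If the process is killed while waiting for input (Ctrl-C, for instance), this example leaves echo off; a production reader also restores the terminal from its signal handling.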