Reading Passwords From /dev/tty

Evan Klitzke evan at eklitzke.org
Fri Aug 4 08:55:23 CEST 2017


On Tue, Aug 1, 2017 at 7:58 AM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
>
> Hi Evan--
>
> On Tue 2017-08-01 05:26:03 +0000, Evan Klitzke wrote:
> > I have seen some other projects that read passwords by putting stdin into
> > no echo mode, and then literally just reading from stdin. This *does* seem
> > to work (assuming you make sure to restore echoing after reading the
> > password!), but I am curious why projects like GPG and sudo prefer using
> > /dev/tty. Does anyone know what the argument is for using a pseudo-TTY?
>
> gpg might be used in a pipeline from within a terminal.  In that case,
> the program might want to know the "controlling terminal" for the
> process (see the manpage tty(4) e.g. via "man 4 tty"), and it might
> choose to prompt the user there, even if stdin, stdout, and stderr are
> all pointing somewhere else.

Hi Daniel,

That does make sense. I've also noticed that it is easier to interact
with programs that use /dev/tty, as it's a lot simpler for the parent
process to detect and interact with the password prompt (especially in
the case where the program prints non-prompt data to stdout). I wanted
to send out a few patches to programs that don't already use /dev/tty,
and having this answer will surely help.

Thanks,
Evan

P.S. Thanks Werner as well, your answer also made a lot of sense.
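
The approach discussed in this thread, sketched as an added example (not part of the original messages and not code from GnuPG or sudo): the prompt and the password go through /dev/tty with echo disabled, so they stay off stdin and stdout even inside a pipeline. The function names read_secret_fd and read_password are hypothetical.

```c
/* Added illustration; function names are hypothetical, not GnuPG/sudo code. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Read one line from fd into buf with echo off. Returns its length, or -1.
 * If fd is not a terminal (tcgetattr fails), echo handling is skipped.
 * Input longer than cap-1 bytes is consumed but truncated. */
ssize_t read_secret_fd(int fd, char *buf, size_t cap)
{
    struct termios saved, noecho;
    int is_tty = (tcgetattr(fd, &saved) == 0);
    size_t n = 0;
    ssize_t r;
    char c;

    if (cap == 0)
        return -1;
    if (is_tty) {
        noecho = saved;
        noecho.c_lflag &= ~(tcflag_t)ECHO;
        if (tcsetattr(fd, TCSAFLUSH, &noecho) != 0)
            return -1;
    }
    while ((r = read(fd, &c, 1)) == 1 && c != '\n')
        if (n + 1 < cap)
            buf[n++] = c;
    buf[n] = '\0';
    if (is_tty)
        tcsetattr(fd, TCSAFLUSH, &saved);   /* always restore echo */
    return r < 0 ? -1 : (ssize_t)n;
}

/* Prompt on the controlling terminal, wherever stdin/stdout/stderr point. */
ssize_t read_password(const char *prompt, char *buf, size_t cap)
{
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    ssize_t n = -1;

    if (fd < 0)
        return -1;              /* no controlling terminal (cron, daemon) */
    if (write(fd, prompt, strlen(prompt)) >= 0)
        n = read_secret_fd(fd, buf, cap);
    if (write(fd, "\n", 1) < 0)  /* the user's Enter was not echoed */
        n = -1;
    close(fd);
    return n;
}
```

Called from a program whose stdin or stdout is a pipe, read_password still reaches the user's terminal; it returns -1 when the process has no controlling terminal, which the caller has to handle explicitly.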



More information about the Gnupg-devel mailing list