An incorrect login that remains on the display can help hackers penetrate the system.
Steps to Reproduce:
1. Switch to tty2 by pressing Ctrl-Alt-F2.
2. See login prompt.
3. Enter an incorrect login name.
4. Press the Ctrl-C combination.
The login/password request is not reset; the displayed login remains on the display.
Login/password lines must be cleared by pressing the Ctrl-C combination.
The login prompt must be reset fully, not just by adding a new login prompt on a new line at the end of the display buffer (as in qingy).
qingy resets the login prompt on the Ctrl-C combination at the login line, but does not reset at the password line.
And qingy resets the prompt from login by adding a new prompt to the end of the buffer, i.e. it does not clear the display before putting the new prompt, and the previous login still stays on the display.
But qingy resets the login prompt so quickly that the pressed Ctrl-C combination may call the qingy trigger, which blocks the tty after some number of prompt resets.
Please also add some timeout after resetting the terminal, before enabling reading from stdin. For example, this timeout may be 333ms (1/3 of a second): it is enough of a delay before entering a new login and comfortable for a human, but not enough to overload the system.
I can confirm your observation. There has been an issue with agetty and CTRL+C invocation in the past:
But this seems to be fixed since util-linux-2.36-rc1.
Do you mind filing this issue at util-linux upstream? Feel free to cross-reference between the upstream issue and this bug.
If you urgently need this feature, net-dialup/mingetty seems to clear the screen by pressing CTRL+C.
Bug registered at https://github.com/karelzak/util-linux/issues/1399
> If you urgently need this feature, net-dialup/mingetty seems to clear the screen by pressing CTRL+C.
I think that this functionality is basic and must be realized in standard system utilities by default.
(In reply to Bogdan from comment #2)
> Bug registered at https://github.com/karelzak/util-linux/issues/1399
(In reply to Bogdan from comment #3)
> > If you urgently need this feature, net-dialup/mingetty seems to clear the screen by pressing CTRL+C.
> I think that this functionality is basic and must be realized in standard
> system utilities by default.
I fully agree.
I don't know which version of util-linux has these updates.
(In reply to Bogdan from comment #5)
The change was committed 7 hours ago, and no release has been tagged since then.
According to the upstream developer, this is a new feature (not a bug fix), so I don't think a backport is appropriate. I think we should just wait for the next tagged release.
The bug has been closed via the following commit(s):
Author: Lars Wendler <firstname.lastname@example.org>
AuthorDate: 2021-08-11 12:25:48 +0000
Commit: Lars Wendler <email@example.com>
CommitDate: 2021-08-11 12:30:42 +0000
sys-apps/util-linux: Revbump to add various upstream fixes
* Erase names in agetty by pressing CTRL-C (#804972)
* Fixed user mount of davfs2 filesystems (#805218)
* Fixed lscpu segfault on riscv platform with upstream patch (#802606)
* Fixed potential buffer overflow in ipcutils (#806070) (CVE-2021-37600)
Signed-off-by: Lars Wendler <firstname.lastname@example.org>
.../util-linux-2.37.1-agetty_ctrl-c_erase.patch | 50 +++
.../util-linux-2.37.1-ipcutils_calloc_check.patch | 25 ++
.../util-linux-2.37.1-libmount_setgroups_fix.patch | 38 +++
...l-linux-2.37.1-lscpu_NULL_dereference_fix.patch | 50 +++
sys-apps/util-linux/util-linux-2.37.1-r1.ebuild | 338 +++++++++++++++++++++
5 files changed, 501 insertions(+)