Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 18 Dec 2014 07:06:38 -0900
From: Royce Williams <>
Subject: Re: bleeding-jumbo: john fails to show status on key press

On Thu, Dec 18, 2014 at 4:17 AM, magnum <> wrote:
> On 2014-12-18 09:35, Frank Dittrich wrote:
>> On 12/18/2014 09:04 AM, Royce Williams wrote:
>>> Why would running john via sudo make key-press status updates not appear?
>> Because the key press would be sent to sudo, not to john.
> Right. If you pass something via stdin (like "cat file | sudo john") it does
> work fine because sudo will pass it on. But stdin is not used for detecting
> keypresses, it polls the tty directly.

I don't know a lot about terminals, but I have run a wide variety of
things through sudo -- including commands that are not doing any line
buffering, like top.

Via sudo, I can run 'showkey' (which shows keycodes for all
keystrokes, even alt/shift/F keys).  For obvious reasons, it is not
line buffering.  All key presses are received.  This includes both
when the key is pressed and when the key is released as two separate
activities.  This also includes ctrl-c and ctrl-z, which showkey
directly receives and responds to with 'caught signal [2|20|etc],
cleaning up'.  This also includes ctrl-s and ctrl-q for controlling
terminal output.

I also discovered that when running 'sudo john', even pressing 'q' to
quit has no effect.

Then I hunted for a program that can take stdin, and also waits in
non-line-buffering mode for a keystroke.  Hashcat came to mind. :-)
When not running under sudo, if I am actively piping to it, it ignores
q and enter, and if I am not piping, it quits on 'q' and shows status
on enter.  But when running under sudo, its behavior is identical to
its non-sudo behavior.  Unlike john, it receives my single keypresses
under sudo when not actively being fed stdin.

For everything else that I know how to test, when running under sudo,
even special/control key presses are being passed by sudo unmodified
to the underlying executable.  What is different about how john is
listening for a key press?


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.