Kernel 2.6.21.5, Slackware 12.0
GNU bash 3.11.17

Hi:
Being in a text console (VT, that is, the screen with 25 x80 chars), say tty1, and just after booting linux, I logged in as usual, typing my password. What happened then astonished me. In Slackware distros, a small quotation from some book is written on screen just after typing the correct password. Well, after typing my password, I could see it split into two halves instead of the quotation.

I think this clearly indicates the presence of a virus in my hard disk. Does it? Regards.

Virus? I doubt it. AFAIK there is none in the wild for *nix systems.

How is this quote handled in Slackware, is it an internet based QotD (http://en.wikipedia.org/wiki/QOTD) or is a file used?

In both circumstances I would assume that the message you got has some escape sequences (commands for the terminal VT) which cause the splitting. Is this reproducible?

Get a screen scrape if possible.

It is a data base on disk from where the system gets the quotations, not internet. And yes, the file "issue" (may be "motd") contains the string 'Linux x.x.x' and some escape sequences. But the splitting happened only once. more importantly, is the fact the the password was echoed on the VT. Of course, then, it is not reproducible.

So, do you know which message in the file (issue?) was to be displayed when the screen split? If so, is there a method to display this again in the same terminal-(type)?

My fault. There are lots of messages, and each session get it own one. Instead of one of the messages getting displayed (there are hundreds of them), the "message" consisted of my password and this, splitted.

Understood. What I am driving at is the possibility that one of these messages was garbled in a way to include the escape sequences to split the screen (and simultaneously suppressing the hiding of your password, thus displaying it in clear text). Shouldn't happen and is clearly a bug, but also it is at least a hypothetical explanation of what happened.

But I'm out of my depth here, security gurus to the fore please .

A 'getty' is connected to a TTY, waits for user input and hands the login process over to 'login' which finally hands over control to the users shell. Well-documented as they are you can read that all binaries in this chain of processes handle escape sequences and read different configuration files. On top of that error output may be logged to the screen and syslog. It would be good to know if the OP has verified the integrity of installed core packages, if he has made any modifications to configuration files that relate to the whole login process or shell behaviour, if he has has replaced (or installed PPP/Fax-tty-related) any software and if any syslog log file holds any clues. If no changes were made and no errors get logged I would disable any MotD and try again. If that doesn't work then see what running a forced getty like 'mingetty --noissue tty1' shows.

Are these binaries controllable by the escape sequences or do they just hand them to next instance? (That was my original idea. Your hints for the OP are much more concise, thanks for coming to the rescue, unSpawn).

Sorry for the late reply. I wouldn't say "controllable" but that escape sequences in resource or configuration files are used to modify output. Sure it would be a bug if an escape sequence modifies output in a way that it echoes the actual password or pass phrase on stdout but to troubleshoot that properly one should first return resource and configuration files to an earlier or initial state so things don't get obscured.

I warmly acknoledge your suggestion, but bear in mind I'm just a novice. There are two possibilities. This can happen right from a fresh installation, in which case it is clearly a bug, or after a certain period of use, as is my case. If the latter, an appropriate procedure, including your hints, could tell whether there is a bug, although it could not tell if there is not.

If the first, this _must_ be known to the slack guys (unfortunately I use 12.0 and do not want to update any further). Regards.

I'm pretty sure that if this actually was a 12.x bug that it would have been fixed fast in upstream. I've never seen it happen in 12.x or 13.x but then again I run it stock, absolutely no mods.

I'll ask in the slack forum (LQ) for a way to get rid of those quotations, because with or without a bug, I was already tired of them. Once in a while, I see myself forced to read one. And believe me, I'm not at all interested in the high thoughts of Sir Winston Churchill. Have a good Sunday.

0 members found this post helpful.

Yes, that is a more fitting expression. As I understand it by now, at any link of the chain of processes the first binary with the inbuilt capability to process an escape sequence does so (and removes the escape sequence in this process) until all are used up else they are part of the output.

Thanks for coming back, unSpawn .