by tokamak-teapot 1152 days ago
If you read the source of ‘cat’ and ‘more’ you’ll see that if they are reading /etc/passwd they replace the passwords of system users with ‘*’, unless you are uid 0.

When ‘less’ was created, there was a bug where when you scrolled upwards the passwords would be revealed, so it was decided that the passwords should be replaced with actual asterisks and stored in individual files per-user.

For security, these files were given access rights only for the owning user, and immediately deleted, with an encoded copy of their inode number being stored in /etc/shadow.

Fun fact: forced password changes were initially introduced when disks were getting full and deleted inodes of user password files were due to be overwritten. “For security reasons” was correct but misinterpreted.

1 comments

> If you read the source of ‘cat’ and ‘more’ you’ll see that if they are reading /etc/passwd they replace the passwords of system users with ‘*’, unless you are uid 0.

That sounds so wrong; anything from a user-written program, `ed`, etc. to a symlink/hardlink could read the password.

Sounds wrong because it is wrong, pure unadulterated intentional B.S.; don't know why the commenter decided to yank our chains like this.

I believe there is a meme in chat rooms where trolls get unsuspecting users to reveal their passwords by convincing them that the chat replaces it with "***" and so forth. Perhaps the GP is riffing on this.