Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 4 Mar 2012 13:18:08 -0500
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: utmpx support

On Sun, Mar 04, 2012 at 06:41:25PM +0100, finkler wrote:
> Hi there,
> 
> I was wondering whether it is intentional or just due to more
> pressing tasks that utmpx is a stub?

It's intentional, but if you have a real need for utmp support, I'd be
willing to hear about it.

My own view is that utmp is a major source of security risks due both
to the need for suid/sgid binaries to access it and the inherent
information leak of publicly publishing users' login status, and that
it has few if any legitimate purposes. It comes from a very different
era/culture, reminiscent of the days when putting a password on your
account was seen as offensive. :-)

> If it is because of the latter I would gladly be of help, after all
> this seems kind of trivial, or am I missing something?

Perhaps a better approach would be making a separate small static
libutmp.a that could be linked by people wanting real utmp support as
opposed to the stubs.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.