Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 15 May 2012 23:24:49 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: make -i with linux-pam

On Mon, May 14, 2012 at 05:09:31PM -0700, Isaac Dunham wrote:
> On Mon, 14 May 2012 00:11:06 -0400
> Rich Felker <dalias@...ifal.cx> wrote:
> 
> > On Sun, May 13, 2012 at 08:58:24PM -0700, Isaac Dunham wrote:
> > > .libs/pam_group.o: In function `check_account':
> > > pam_group.c:(.text+0x12fe): undefined reference to `innetgr'
> > 
> innetgr stub attached as patch.

Patch missing. But I think it should just be extra aliases in
src/network/ent.c...

> Due to what logwtmp does (construct a wtmp log entry, then add to the
> system logfile), a stub doesn't sound sensible unless you
> actually want all logins to go unrecorded...however, it looks close to
> trivial to actually implement.

Syslog is for recording login events in the proper way
(private/confidential for only admins to see). utmp and wtmp are
misguided, insecure practices from the 1980s culture where it was
considered rude to put a password on your unix account; they exist to
publish to the world (well, everyone with accounts on the machine)
your login status and the history of your logins. If this weren't a
sufficiently serious privacy breach in itself, the api for writing
these entries also requires that you have access to the utmp/wtmp
files for write, meaning historically all programs that wrote them had
suid-root (and later sgid-utmp), resulting in countless serious vulns.

If someone wants to present a good argument FOR supporting utmp/wtmp,
I'm willing to listen and consider it, but in the absence of that I
think making them silently ignore attempts to write anything is the
most useful behavior from a privacy and security standpoint.

[Actually, anybody up for writing a modern implementation of
utmp/wtmp? Ιt would include an https implementation to log into
Facebook/Twitter (your preference!) and publish the date, time, ip
address, etc. of your login as your status update/tweet for the whole
world to see!]

> The BSDs implement this with strncpy--should an implementation for
> musl use XOPEN or GNU functions only, or are strn* acceptable?

Huh? strncpy is pure C; it's always available to use.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.