Date: Sun, 4 Mar 2012 13:18:08 -0500 From: Rich Felker <dalias@...ifal.cx> To: musl@...ts.openwall.com Subject: Re: utmpx support On Sun, Mar 04, 2012 at 06:41:25PM +0100, finkler wrote: > Hi there, > > I was wondering whether it is intentional or just due to more > pressing tasks that utmpx is a stub? It's intentional, but if you have a real need for utmp support, I'd be willing to hear about it. My own view is that utmp is a major source of security risks due both to the need for suid/sgid binaries to access it and the inherent information leak of publicly publishing users' login status, and that it has few if any legitimate purposes. It comes from a very different era/culture, reminiscent of the days when putting a password on your account was seen as offensive. :-) > If it is because of the latter I would gladly be of help, after all > this seems kind of trivial, or am I missing something? Perhaps a better approach would be making a separate small static libutmp.a that could be linked by people wanting real utmp support as opposed to the stubs. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.