Date: Tue, 15 May 2012 23:24:49 -0400 From: Rich Felker <dalias@...ifal.cx> To: musl@...ts.openwall.com Subject: Re: make -i with linux-pam On Mon, May 14, 2012 at 05:09:31PM -0700, Isaac Dunham wrote: > On Mon, 14 May 2012 00:11:06 -0400 > Rich Felker <dalias@...ifal.cx> wrote: > > > On Sun, May 13, 2012 at 08:58:24PM -0700, Isaac Dunham wrote: > > > .libs/pam_group.o: In function `check_account': > > > pam_group.c:(.text+0x12fe): undefined reference to `innetgr' > > > innetgr stub attached as patch. Patch missing. But I think it should just be extra aliases in src/network/ent.c... > Due to what logwtmp does (construct a wtmp log entry, then add to the > system logfile), a stub doesn't sound sensible unless you > actually want all logins to go unrecorded...however, it looks close to > trivial to actually implement. Syslog is for recording login events in the proper way (private/confidential for only admins to see). utmp and wtmp are misguided, insecure practices from the 1980s culture where it was considered rude to put a password on your unix account; they exist to publish to the world (well, everyone with accounts on the machine) your login status and the history of your logins. If this weren't a sufficiently serious privacy breach in itself, the api for writing these entries also requires that you have access to the utmp/wtmp files for write, meaning historically all programs that wrote them had suid-root (and later sgid-utmp), resulting in countless serious vulns. If someone wants to present a good argument FOR supporting utmp/wtmp, I'm willing to listen and consider it, but in the absence of that I think making them silently ignore attempts to write anything is the most useful behavior from a privacy and security standpoint. [Actually, anybody up for writing a modern implementation of utmp/wtmp? Ιt would include an https implementation to log into Facebook/Twitter (your preference!) and publish the date, time, ip address, etc. of your login as your status update/tweet for the whole world to see!] > The BSDs implement this with strncpy--should an implementation for > musl use XOPEN or GNU functions only, or are strn* acceptable? Huh? strncpy is pure C; it's always available to use. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.