Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 27 Feb 2013 11:52:33 -0500
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: shadow.h

On Wed, Feb 27, 2013 at 09:24:40AM +0100, Daniel Cegiełka wrote:
> 2013/2/27 Szabolcs Nagy <nsz@...t70.net>:
> 
> > /etc/shadow requires priviledge escalation for password changes
> > so putspent is dangerous, pam_unix should be deprecated on
> > modern systems
> >
> > http://www.openwall.com/tcb/
> >
> > (i think this already came up a few times, maybe it should be in a faq..)
> 
> owl's tcb and musl? It's harder than it seems.
> 
> 1) __crypt_blowfish() in musl isn't compatible with
> __crypt_blowfish_rn().. so lack of support for owl's

This is intentional. __-prefixed functions are not intended to be
externally visible except for a small set (e.g. stdio_ext.h) with
historical precedent or ABI things like __errno_location.

I hope we can work with owl to get a good solution. I'm not sure why
they don't just use crypt_r, since it would certainly do the job, but
if they want to use the special functions when available, they could
still include a fallback to crypt_r.

> __crypt_gensalt_ra() and crypt_ra/rn() etc. (owl's salt and tcb
> prefixes):

My feeling was that salt generation doesn't belong in libc. Just
adding these functions into the owl pam code should do the trick.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.