Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 27 Feb 2013 11:54:08 -0500
From: Rich Felker <>
Subject: Re: shadow.h

On Wed, Feb 27, 2013 at 10:09:18AM +0100, Daniel Cegiełka wrote:
> 2013/2/27 Rich Felker <>:
> > On Tue, Feb 26, 2013 at 11:54:58PM +0100, Daniel Cegiełka wrote:
> >> Error relocating /lib/security/ putspent: symbol not found
> >> Error relocating /lib/security/ fgetspent: symbol not found
> >> Error relocating /lib/security/ putpwent: symbol not found
> >
> > These have been discussed before and I believe the intent is to add
> > them (they're simple fprintf wrappers, if I remember correctly),
> ....or can be removed from shadow.h.
> > but
> > be aware that's support for writing to the password
> > database assumes a certain form and will break things badly if the
> > user is using tcb shadow. It might also mess up the shadow file if it
> > depends on being able to iterate all entries in the shadow file; I'm
> > not sure if that works or not.
> >
> > These are issues that need more discussion...
> I prefer tcb, but the current implementation in musl isn't as
> functional as owl's (privilege separation):

Can you explain this better? I don't think the code in libc has
anything to do with privilege separation model used. It only *reads*
the tcb shadow data; it doesn't write anything, and it doesn't depend
on any particular permissions model for the data except that it be
readable by whichever user is doing authenticating.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.