Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 5 Apr 2013 12:02:42 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: Pending issues for next release

On Fri, Apr 05, 2013 at 03:48:44PM +0200, Szabolcs Nagy wrote:
> > That email also mentions some extra macros for utmp/wtmp pathname. I
> > looked at the issue, and utmp.h is actually defining _PATH_UTMP and
> > _PATH_WTMP in ways that conflict with paths.h... We should address
> > this. Any ideas how? I'd like to keep the /dev/null definitions, but
> > I'm a little bit scared some broken program might see them and end up
> > unlinking /dev/null and replacing it with an empty utmp file at
> > startup.
> 
> we could say that the user should not run buggy code as root
> 
> or define the paths to the usual strings so those programs
> will fail at runtime instead of compile time

How about "/dev/null/utmp"? :) That's guaranteed not to exist.

> so if the stack address is supposed to be secret then
> indeed it is better not to mix it into the filename

Would just using the time in nanoseconds be sufficient? It's a ~29.9
bit value, so at least nearly all possible names are achievable.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.