[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120304181808.GU184@brightrain.aerifal.cx>
Date: Sun, 4 Mar 2012 13:18:08 -0500
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: utmpx support
On Sun, Mar 04, 2012 at 06:41:25PM +0100, finkler wrote:
> Hi there,
>
> I was wondering whether it is intentional or just due to more
> pressing tasks that utmpx is a stub?
It's intentional, but if you have a real need for utmp support, I'd be
willing to hear about it.
My own view is that utmp is a major source of security risks due both
to the need for suid/sgid binaries to access it and the inherent
information leak of publicly publishing users' login status, and that
it has few if any legitimate purposes. It comes from a very different
era/culture, reminiscent of the days when putting a password on your
account was seen as offensive. :-)
> If it is because of the latter I would gladly be of help, after all
> this seems kind of trivial, or am I missing something?
Perhaps a better approach would be making a separate small static
libutmp.a that could be linked by people wanting real utmp support as
opposed to the stubs.
Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
