Message-ID: <20130425052100.GK20323@brightrain.aerifal.cx>
Date: Thu, 25 Apr 2013 01:21:00 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: High-priority library replacements?

On Thu, Apr 25, 2013 at 07:05:12AM +0200, Daniel Cegiełka wrote:
> 2013/4/25 Rich Felker <dalias@...ifal.cx>:
>
> For a list of core libraries I would add basic, but high-priority
> tools: ssh, pam (passwd, login, su).
>
> ssh - dropbear?

I think dropbear fully covers the needs of most non-"enterprise" usage
and maybe that too. It could however use some hardening. I don't think
it's terribly insecure, but I'd like to see a robust privilege model
that would make it safe even in the event of bugs that would otherwise
result in a compromise.

> pam - openpam?

I would say pam is less critical. I've had my pamlite in limbo for a
long time but haven't gotten around to making it do anything... Still a
good one for the list though.

> These key software we can also support (static linking etc.).
>
> btw. SSL - instead libcrypto clone maybe it's better to use
> crypto-algorithms from linux kernel?
>
> http://cryptodev-linux.org/

I'm not sure what the advantage would be; the disadvantage is certainly
being Linux-specific and dependent on the host system configuration
(last I checked, crypto in the kernel is optional; maybe this has
changed..?) to work. There's also the issue that it's not fail-proof;
it requires allocating resources.

IMO supporting hardware crypto devices is not really relevant for most
users of SSL. Yes, a high volume web server might need to be tuned for
performance, but it doesn't matter for most network client applications
like wget, chat clients, mail clients, etc.

Rich