From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from elephants.elehost.com (elephants.elehost.com [216.66.27.132]) by sourceware.org (Postfix) with ESMTPS id 76F9A3857830 for ; Fri, 29 Oct 2021 14:34:08 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 76F9A3857830 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=nexbridge.com Authentication-Results: sourceware.org; spf=none smtp.mailfrom=nexbridge.com X-Virus-Scanned: amavisd-new at elehost.com Received: from Mazikeen (cpe00fc8d49d843-cm00fc8d49d840.cpe.net.cable.rogers.com [99.229.22.139] (may be forged)) (authenticated bits=0) by elephants.elehost.com (8.15.2/8.15.2) with ESMTPSA id 19TEY4hL061717 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 29 Oct 2021 10:34:04 -0400 (EDT) (envelope-from rsbecker@nexbridge.com) Reply-To: From: To: "'Theo de Raadt'" Cc: "'Alejandro Colomar \(man-pages\)'" , "'Libc-alpha'" , "'linux-man'" , , References: <73ac38a2-c287-4cc1-4e9c-0f9766ac4c0c@gmail.com> <00d501d7ccbe$0169c340$043d49c0$@nexbridge.com> <63238.1635515736@cvs.openbsd.org> <00e401d7cccf$ccde0d40$669a27c0$@nexbridge.com> <73029.1635517278@cvs.openbsd.org> In-Reply-To: <73029.1635517278@cvs.openbsd.org> Subject: RE: Is getpass(3) really obsolete? Date: Fri, 29 Oct 2021 10:33:58 -0400 Organization: Nexbridge Inc. Message-ID: <00e701d7ccd2$058b9070$10a2b150$@nexbridge.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 16.0 Content-Language: en-ca Thread-Index: AQIurXUz3siHir4QEPyFWZm7FNZOgwHZ6oOZAi9B6dkCYbJFUgFa6lunAtQjv/Kq53cCQA== X-Spam-Status: No, score=2.0 required=5.0 tests=BAYES_20, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, MAY_BE_FORGED, SPF_HELO_NONE, SPF_NONE autolearn=no autolearn_force=no version=3.4.4 X-Spam-Level: ** X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Oct 2021 14:34:09 -0000 October 29, 2031 10:21 AM, Theo de Raadt will write: > wrote: >=20 > > > > getpass() is obsolete in POSIX.2. However, some platforms still > > > > are on > > POSIX.1, > > > so replacing it instead of providing a configure detection/switch > > > for it > > might > > > cause issues. > > > > > > > > > The community finally had the balls to get rid of gets(3). > > > > > > getpass(3) shares the same flaw, that the buffer size isn't = passed. > > > This has been an issue in the past, and incorrectly led to > > readpassphrase(3) > > > > > > readpassphrase(3) has a few too many features/extensions for my > > > taste, but > > at > > > least it is harder to abuse. > > > > readpassphrase is not generally supported. This will break builds on > > many platforms. >=20 > Of course moving forward takes a long time. If a better API is = supplied then > there is a choice in 10 years. If a better API is not supplied, then = 10 years from > now this conversation can get a reply. I checked the API 10 years from now (check the above date) at it's still = not there =F0=9F=98=89 In the meantime, compatibility is important. I = checked the latest release (last week's) on my platform and = readpassphrase() is not available. Let's please put a compatibility = layer in.