From: Alejandro Colomar <alx.manpages@gmail.com>
To: mtk.manpages@gmail.com, linux-man@vger.kernel.org
Cc: "Alejandro Colomar" <alx.manpages@gmail.com>,
Git <git@vger.kernel.org>, Glibc <libc-alpha@sourceware.org>,
OpenBSD <tech@openbsd.org>,
"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
"Benoit Lecocq" <benoit@openbsd.org>,
"Klemens Nanni" <kn@openbsd.org>,
Randall <rsbecker@nexbridge.com>,
"Eugene Syromyatnikov" <evgsyr@gmail.com>,
"Theo de Raadt" <deraadt@openbsd.org>,
"Zack Weinberg" <zack@owlfolio.org>
Subject: [PATCH] getpass.3: SYNOPSIS: Mark getpass() as [[deprecated]]
Date: Fri, 29 Oct 2021 17:27:29 +0200 [thread overview]
Message-ID: <20211029152728.42938-1-alx.manpages@gmail.com> (raw)
In-Reply-To: <73ac38a2-c287-4cc1-4e9c-0f9766ac4c0c@gmail.com>
Suggest readpassphrase(3bsd) as an alternative.
See the long discussion in the mailing list for more details (link
at the bottom of this commit message). I'll quote some relevant
parts here:
Eugene Syromyatnikov <evgsyr@gmail.com>:
{
And the only mention of getpass() in POSIX (at least,
since the 2001's edition) indeed seems to be [1], in the
list of functions that have not been carried forward from
XSH5, the 1997 revision of “System Interfaces and Headers”
(that is, SUSv2)[2], where it is inherited from SUSv1[4]
from XPG[5] and, as Alejandro already mentioned, marked as
obsolete, per XPG3 to XPG4 migration guide[6]; the
previous, 1988, version of POSIX[3] does not mention
getpass() at all.
[1] https://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap01.html
[2] https://pubs.opengroup.org/onlinepubs/7908799/xsh/getpass.html
[3] https://mirror.math.princeton.edu/pub/oldlinux/download/c953.pdf
[4] https://pubs.opengroup.org/onlinepubs/9695969499/toc.pdf
[5] https://bitsavers.computerhistory.org/pdf/xOpen/X_Open_Portability_Guide_1985/xpg_2_xopen_system_v_specification_2.pdf
[6] http://archive.opengroup.org/publications/archive/CDROM/g501.pdf
}
Theo de Raadt <deraadt@openbsd.org>:
{
The community finally had the balls to get rid of gets(3).
getpass(3) shares the same flaw, that the buffer size
isn't passed. This has been an issue in the past, and
incorrectly led to readpassphrase(3).
readpassphrase(3) has a few too many features/extensions
for my taste, but at least it is harder to abuse.
}
Alejandro Colomar <alx.manpages@gmail.com>:
{
I found readpassphrase(3) in FreeBSD and OpenBSD. It is
also present in libbsd(7), which is available in most
Linux distributions. I also found it on a Mac that I have
access.
NetBSD has getpass_r(3) instead. It is not in any other
system I have access.
}
Zack Weinberg <zack@owlfolio.org>:
{
I was about to post exactly the same thing. getpass(3)
is not deprecated because there's a better replacement,
it's deprecated because it's _unsafe_. The glibc
implementation wraps getline(3) and therefore doesn't
truncate the passphrase or overflow a fixed-size buffer,
no matter how long the input is, but portable code cannot
rely on that. And come to think of it, using getline(3)
means that prefixes of the passphrase may be left lying
around in malloc's free lists.
(getpass also cannot be made thread safe, due to recycling
of a static buffer, but a program in which multiple
threads are racing to prompt the user for passwords would
be a UX disaster anyway, so I don't think that's a
critical flaw the way it is for e.g. strtok(3).)
The Linux manpage project's documentation is, as I
understand it, for Linux with glibc _first_, but not
_only_; it should not describe this function as
not-deprecated just because glibc has patched its worst
problems and doesn't offer any better API.
}
List: linux-man <https://lore.kernel.org/linux-man/6d8642e9-71f7-4a83-9791-880d04f67d17@www.fastmail.com/T/#t>
Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
Cc: Git <git@vger.kernel.org>
Cc: Glibc <libc-alpha@sourceware.org>
Cc: OpenBSD <tech@openbsd.org>
Cc: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Cc: Benoit Lecocq <benoit@openbsd.org>
Cc: Klemens Nanni <kn@openbsd.org>
Cc: Randall <rsbecker@nexbridge.com>
Cc: Eugene Syromyatnikov <evgsyr@gmail.com>
Cc: Theo de Raadt <deraadt@openbsd.org>
Cc: Zack Weinberg <zack@owlfolio.org>
Cc: Florian Weimer <libc-alpha@sourceware.org>
---
man3/getpass.3 | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/man3/getpass.3 b/man3/getpass.3
index fa2031544..7d6da07fa 100644
--- a/man3/getpass.3
+++ b/man3/getpass.3
@@ -28,7 +28,7 @@ getpass \- get a password
.nf
.B #include <unistd.h>
.PP
-.BI "char *getpass(const char *" prompt );
+.BI "[[deprecated]] char *getpass(const char *" prompt );
.fi
.PP
.RS -4
@@ -48,6 +48,7 @@ Feature Test Macro Requirements for glibc (see
.SH DESCRIPTION
This function is obsolete.
Do not use it.
+See NOTES.
If you want to read input without terminal echoing enabled,
see the description of the
.I ECHO
@@ -126,7 +127,11 @@ Removed in POSIX.1-2001.
.\" are transmitted as part of the password.
.\" Since libc 5.4.19 also line editing is disabled, so that also
.\" backspace and the like will be seen as part of the password.
-.
+You should use instead
+.BR readpassphrase (3bsd),
+provided by
+.IR libbsd .
+.PP
In the GNU C library implementation, if
.I /dev/tty
cannot be opened, the prompt is written to
--
2.33.1
next prev parent reply other threads:[~2021-10-29 15:29 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-29 11:15 Is getpass(3) really obsolete? Alejandro Colomar
2021-10-29 11:28 ` Alejandro Colomar (man-pages)
2021-10-29 11:40 ` Ævar Arnfjörð Bjarmason
2021-10-29 12:11 ` Alejandro Colomar (man-pages)
2021-10-29 16:31 ` Joseph Myers
2021-10-30 12:24 ` Alejandro Colomar (man-pages)
2021-11-01 21:31 ` Joseph Myers
2021-10-29 12:10 ` rsbecker
2021-10-29 13:55 ` Eugene Syromyatnikov
2021-10-29 13:55 ` Theo de Raadt
2021-10-29 14:18 ` rsbecker
2021-10-29 14:21 ` Theo de Raadt
2021-10-29 14:33 ` rsbecker
2021-10-29 14:44 ` Alejandro Colomar (man-pages)
2021-10-29 15:00 ` rsbecker
2021-10-29 14:53 ` Zack Weinberg
2022-09-27 19:19 ` readpassphrase(3) in glibc, and agetpass() (Was: Is getpass(3) really obsolete?) Alejandro Colomar
2022-09-27 19:33 ` Alex Colomar
2022-09-27 20:30 ` Sam James
2022-09-27 21:00 ` Zack Weinberg
2022-09-27 22:41 ` Alejandro Colomar
2022-09-27 20:52 ` readpassphrase(3) in glibc, and agetpass() Junio C Hamano
2021-10-29 15:27 ` Alejandro Colomar [this message]
2021-10-29 20:27 ` Is getpass(3) really obsolete? Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211029152728.42938-1-alx.manpages@gmail.com \
--to=alx.manpages@gmail.com \
--cc=avarab@gmail.com \
--cc=benoit@openbsd.org \
--cc=deraadt@openbsd.org \
--cc=evgsyr@gmail.com \
--cc=git@vger.kernel.org \
--cc=kn@openbsd.org \
--cc=libc-alpha@sourceware.org \
--cc=linux-man@vger.kernel.org \
--cc=mtk.manpages@gmail.com \
--cc=rsbecker@nexbridge.com \
--cc=tech@openbsd.org \
--cc=zack@owlfolio.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).