From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr1-x430.google.com (mail-wr1-x430.google.com [IPv6:2a00:1450:4864:20::430]) by sourceware.org (Postfix) with ESMTPS id D72A23857802 for ; Fri, 29 Oct 2021 14:44:52 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org D72A23857802 Received: by mail-wr1-x430.google.com with SMTP id p14so16452679wrd.10 for ; Fri, 29 Oct 2021 07:44:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=X9JfUFySD69ZAlm7cX2XXMcyvmRiyxLOKbxqcPiQuaI=; b=WTKVQg6ot9jjcoU+vGyT2aUQzi3brylaq+akF27PoeV0u8scHYjeJWCy2IheyLefAY u+h/SvzG+6N/gdXte7t5wjeec5b2CcQQZZIINr9ctW/5NqbyQoU8C9WuAPf9krnz3tec 8Jm+hzjkT6E7dHo9XIV0zzj0GGybjN5+dWwaIGypngdRK7peKTTSfbncLlb8Jm6N+ykx 6DY07mP0a3/z0vC2YELAWCjZQdjY6Cdq6jiSyJ4mGz4HpgNXcVwbqk5EBdoo1D3swZ51 5aegFW9ICJvch4fIwROHC9zk2ri31+byS9xLml1PtxRrXCBmp9hcQGOeLgd37laYO44p cn9g== X-Gm-Message-State: AOAM530M/PFXq2MYysvLv+Fv0dFM/4K+haT5cF+yUCJWQZq5FaIWMu9c WBEztZ745kFzuyzi9+VFxQw= X-Google-Smtp-Source: ABdhPJxfQmLftsafwLmjRN2t1KvHmBiDiHKuGw10lwslV89x0rXUWvKOcxe08Umz8VR0/dKEwVj1+Q== X-Received: by 2002:a5d:4a46:: with SMTP id v6mr14655483wrs.262.1635518692022; Fri, 29 Oct 2021 07:44:52 -0700 (PDT) Received: from [10.8.0.130] ([195.53.121.100]) by smtp.gmail.com with ESMTPSA id p11sm10197704wmi.0.2021.10.29.07.44.50 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 29 Oct 2021 07:44:51 -0700 (PDT) Message-ID: <326e75f9-f732-a7a8-22dc-5fc304601b39@gmail.com> Date: Fri, 29 Oct 2021 16:44:50 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.2.1 Subject: Re: Is getpass(3) really obsolete? Content-Language: en-US To: rsbecker@nexbridge.com, 'Theo de Raadt' Cc: 'Libc-alpha' , 'linux-man' , git@vger.kernel.org, tech@openbsd.org References: <73ac38a2-c287-4cc1-4e9c-0f9766ac4c0c@gmail.com> <00d501d7ccbe$0169c340$043d49c0$@nexbridge.com> <63238.1635515736@cvs.openbsd.org> <00e401d7cccf$ccde0d40$669a27c0$@nexbridge.com> <73029.1635517278@cvs.openbsd.org> <00e701d7ccd2$058b9070$10a2b150$@nexbridge.com> From: "Alejandro Colomar (man-pages)" In-Reply-To: <00e701d7ccd2$058b9070$10a2b150$@nexbridge.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, NICE_REPLY_A, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Oct 2021 14:44:55 -0000 Hi Randall, Theo, On 10/29/21 16:33, rsbecker@nexbridge.com wrote: > October 29, 2031 10:21 AM, Theo de Raadt will write: >> wrote: >> >>>>> getpass() is obsolete in POSIX.2. However, some platforms still >>>>> are on >>> POSIX.1, >>>> so replacing it instead of providing a configure detection/switch >>>> for it >>> might >>>> cause issues. >>>> >>>> >>>> The community finally had the balls to get rid of gets(3). >>>> >>>> getpass(3) shares the same flaw, that the buffer size isn't passed. >>>> This has been an issue in the past, and incorrectly led to >>> readpassphrase(3) That seems a good reason to keep the "Do not use it." note in the manual page. I think I'll add a recommendation for readpassphrase(3bsd) for the moment which is the only alternative available in Linux. >>>> >>>> readpassphrase(3) has a few too many features/extensions for my >>>> taste, but >>> at >>>> least it is harder to abuse. >>> >>> readpassphrase is not generally supported. This will break builds on >>> many platforms. I found readpassphrase(3) in FreeBSD and OpenBSD. It is also present in libbsd(7), which is available in most Linux distributions. I also found it on a Mac that I have access. NetBSD has getpass_r(3) instead. It is not in any other system I have access. >> >> Of course moving forward takes a long time. If a better API is supplied then >> there is a choice in 10 years. If a better API is not supplied, then 10 years from >> now this conversation can get a reply. > > I checked the API 10 years from now (check the above date) at it's still not there 😉 In the meantime, compatibility is important. I checked the latest release (last week's) on my platform and readpassphrase() is not available. Let's please put a compatibility layer in. > libbsd(7) is probably the compatibility layer that you're looking for. What system are you on? Cheers, Alex -- Alejandro Colomar Linux man-pages comaintainer; https://www.kernel.org/doc/man-pages/ http://www.alejandro-colomar.es/