From: Alejandro Colomar <alx.manpages@gmail.com>
To: Zack Weinberg <zack@owlfolio.org>,
GNU libc development <libc-alpha@sourceware.org>
Cc: bjoern.esser@gmail.com
Subject: Re: readpassphrase(3) in glibc, and agetpass() (Was: Is getpass(3) really obsolete?)
Date: Wed, 28 Sep 2022 00:41:40 +0200 [thread overview]
Message-ID: <4a38fcdc-220f-cda5-3e1c-944f3c79d5e3@gmail.com> (raw)
In-Reply-To: <132de00e-c809-40f1-9c14-437dff5fb18b@www.fastmail.com>
[-- Attachment #1.1: Type: text/plain, Size: 1139 bytes --]
Hi Zack,
On 9/27/22 23:00, Zack Weinberg wrote:
> On Tue, Sep 27, 2022, at 4:30 PM, Sam James via Libc-alpha wrote:
>> On 27 Sep 2022, at 20:19, Alejandro Colomar via Libc-alpha <libc-alpha@sourceware.org> wrote:
>>> I developed a function similar to getpass(3), but which allocates a buffer (similar to asprintf(3)). I only allocate once, and bail out if the password exceeds PASS_MAX, so no leaks in allocated memory (modulo bugs that I may have not noticed).
> ...
>>> Would you mind implementing readpassphrase(3) in glibc
>> I assume it'd be libxcrypt instead?
>
> My immediate reaction is that this is out of scope for libxcrypt. I could be persuaded otherwise but I don't have much time to work on *either* libxcrypt or libc right now so I won't be able to be very helpful in any event.
>
> I'm cc:ing Bjoern Esser in case he has an opinion.
Thanks!
BTW, maybe glibc should consider changing the implementation of
getpass(3) to be in terms of fgets(3) and simply fail for very long
passwords (PASS_MAX). That would fix the realloc(3) bug.
Cheers,
Alex
--
<http://www.alejandro-colomar.es/>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2022-09-27 22:41 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-29 11:15 Is getpass(3) really obsolete? Alejandro Colomar
2021-10-29 11:28 ` Alejandro Colomar (man-pages)
2021-10-29 11:40 ` Ævar Arnfjörð Bjarmason
2021-10-29 12:11 ` Alejandro Colomar (man-pages)
2021-10-29 16:31 ` Joseph Myers
2021-10-30 12:24 ` Alejandro Colomar (man-pages)
2021-11-01 21:31 ` Joseph Myers
2021-10-29 12:10 ` rsbecker
2021-10-29 13:55 ` Eugene Syromyatnikov
2021-10-29 13:55 ` Theo de Raadt
2021-10-29 14:18 ` rsbecker
2021-10-29 14:21 ` Theo de Raadt
2021-10-29 14:33 ` rsbecker
2021-10-29 14:44 ` Alejandro Colomar (man-pages)
2021-10-29 15:00 ` rsbecker
2021-10-29 14:53 ` Zack Weinberg
2022-09-27 19:19 ` readpassphrase(3) in glibc, and agetpass() (Was: Is getpass(3) really obsolete?) Alejandro Colomar
2022-09-27 19:33 ` Alex Colomar
2022-09-27 20:30 ` Sam James
2022-09-27 21:00 ` Zack Weinberg
2022-09-27 22:41 ` Alejandro Colomar [this message]
2022-09-27 20:52 ` readpassphrase(3) in glibc, and agetpass() Junio C Hamano
2021-10-29 15:27 ` [PATCH] getpass.3: SYNOPSIS: Mark getpass() as [[deprecated]] Alejandro Colomar
2021-10-29 20:27 ` Is getpass(3) really obsolete? Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4a38fcdc-220f-cda5-3e1c-944f3c79d5e3@gmail.com \
--to=alx.manpages@gmail.com \
--cc=bjoern.esser@gmail.com \
--cc=libc-alpha@sourceware.org \
--cc=zack@owlfolio.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).