Hi Zack,

On 9/27/22 23:00, Zack Weinberg wrote:
> On Tue, Sep 27, 2022, at 4:30 PM, Sam James via Libc-alpha wrote:
>> On 27 Sep 2022, at 20:19, Alejandro Colomar via Libc-alpha wrote:
>>> I developed a function similar to getpass(3), but which allocates a buffer (similar to asprintf(3)). I only allocate once, and bail out if the password exceeds PASS_MAX, so no leaks in allocated memory (modulo bugs that I may have not noticed).
> ...
>>> Would you mind implementing readpassphrase(3) in glibc
>> I assume it'd be libxcrypt instead?
>
> My immediate reaction is that this is out of scope for libxcrypt. I could be persuaded otherwise but I don't have much time to work on *either* libxcrypt or libc right now so I won't be able to be very helpful in any event.
>
> I'm cc:ing Bjoern Esser in case he has an opinion.

Thanks!

BTW, maybe glibc should consider changing the implementation of getpass(3) to be in terms of fgets(3) and simply fail for very long passwords (PASS_MAX). That would fix the realloc(3) bug.

Cheers,

Alex

--
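The approach suggested in the message above, as an added example that is not part of the original e-mail and is not glibc's or the author's code: read the secret with fgets(3) into one fixed-size allocation, so realloc(3) is never called, and fail when the line exceeds the limit. `read_pass`, `wipe`, `EX_PASS_MAX` and `EX_BUFSZ` are hypothetical names, and the limit of 128 is an assumed value.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

#define EX_PASS_MAX 128            /* assumed limit; real PASS_MAX is platform-defined */
#define EX_BUFSZ (EX_PASS_MAX + 2) /* room for '\n' and '\0' */

/* Wipe through a volatile pointer so the stores are not optimised away. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Hypothetical helper: read one line from `in` into a single fixed-size
   allocation. tty_fd >= 0 names the terminal whose echo is turned off.
   Returns a malloc'd string the caller wipes and frees, or NULL with
   errno = E2BIG when the line is longer than EX_PASS_MAX. */
char *read_pass(FILE *in, int tty_fd)
{
    struct termios saved, quiet;
    int tty = tty_fd >= 0 && tcgetattr(tty_fd, &saved) == 0;
    char *buf = malloc(EX_BUFSZ);
    if (buf == NULL) return NULL;
    if (tty) {
        quiet = saved;
        quiet.c_lflag &= ~(tcflag_t)ECHO;
        tcsetattr(tty_fd, TCSAFLUSH, &quiet);
    }
    char *r = fgets(buf, EX_BUFSZ, in);
    if (tty) tcsetattr(tty_fd, TCSAFLUSH, &saved);   /* always restore echo */
    size_t len = r ? strlen(buf) : 0;
    if (r && len > 0 && buf[len - 1] == '\n') { buf[len - 1] = '\0'; return buf; }
    if (r && len <= EX_PASS_MAX) return buf;         /* EOF before newline */
    if (r) {                                         /* too long: discard rest of line */
        int c;
        while ((c = getc(in)) != EOF && c != '\n') ;
    }
    wipe(buf, EX_BUFSZ);                             /* no partial secret left behind */
    free(buf);
    errno = r ? E2BIG : EIO;
    return NULL;
}
```

The stdio buffer of `in` can still hold the typed bytes, so a caller that needs them gone should use an unbuffered stream (setvbuf(3) with `_IONBF`) or read(2) directly.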