This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: [ak@muc.de] libc/796: getpass() is not usable for high security applications


On Fri, Oct 23, 1998 at 06:48:00PM +0200, Ulrich Drepper wrote:
> Mark Kettenis <kettenis@wins.uva.nl> writes:
> 
> > I'd say that adding a getpass_r interface for would mean encouraging
> > developers to use it instead of discouraging.  So I'd vote against it.
> 
> I agree.  Getpass() would also be left out if it wouldn't be for
> standard compliance.

Ok. But could you at least remove the fflush(fh) from getpass? It 
definitely accounts for >50% of my failed su attempts. Libc5
didn't flush and working with su was smoother. I think it offers
no security advantage.


-Andi


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]