This is the mail archive of the
libc-hacker@sourceware.cygnus.com
mailing list for the glibc project.
Re: [ak@muc.de] libc/796: getpass() is not usable for high security applications
On Fri, Oct 23, 1998 at 06:48:00PM +0200, Ulrich Drepper wrote:
> Mark Kettenis <kettenis@wins.uva.nl> writes:
>
> > I'd say that adding a getpass_r interface for would mean encouraging
> > developers to use it instead of discouraging. So I'd vote against it.
>
> I agree. Getpass() would also be left out if it wouldn't be for
> standard compliance.
Ok. But could you at least remove the fflush(fh) from getpass? It
definitely accounts for >50% of my failed su attempts. Libc5
didn't flush and working with su was smoother. I think it offers
no security advantage.
-Andi