nmh-workers
[Top] [All Lists]

Re: [Nmh-workers] Garbage collection

2013-01-01 18:46:07
Hi Ken,

Ken Hornstein writes:
The "brokenness" is that OpenBSD simply doesn't implement utmpx, because
it's seen as an unsafe and insecure interface. OpenBSD aren't the only ones
who feel this way (the musl C library also doesn't support utmpx, for the
same reasons: http://www.openwall.com/lists/musl/2012/03/04/4).

I'd find the "security" arguments more compelling if OpenBSD didn't
implement utmp, which has (as far I can tell) the same security issues.

Well, I'm just repeating what I've heard elsewhere. I am not familiar
with how utmp{,x} works myself. utmp is no doubt kept around because
existing software demands it, and the implementation is mature enough
to not have known holes.

As far as I know the behavior of the utmpx functions are not defined by
POSIX either.

http://pubs.opengroup.org/onlinepubs/009696899/functions/endutxent.html

And on that page utmpx is marked as an XSI extension. To my understanding
those are optional and not required to be implemented in POSIX-compliant
software.

--
Anthony J. Bentley

_______________________________________________
Nmh-workers mailing list
Nmh-workers@nongnu.org
https://lists.nongnu.org/mailman/listinfo/nmh-workers

<Prev in Thread] Current Thread [Next in Thread>