Hi Ken,
Ken Hornstein writes:
The "brokenness" is that OpenBSD simply doesn't implement utmpx, because
it's seen as an unsafe and insecure interface. OpenBSD aren't the only ones
who feel this way (the musl C library also doesn't support utmpx, for the
same reasons: http://www.openwall.com/lists/musl/2012/03/04/4).
I'd find the "security" arguments more compelling if OpenBSD didn't
implement utmp, which has (as far I can tell) the same security issues.
Well, I'm just repeating what I've heard elsewhere. I am not familiar
with how utmp{,x} works myself. utmp is no doubt kept around because
existing software demands it, and the implementation is mature enough
to not have known holes.
As far as I know the behavior of the utmpx functions are not defined by
POSIX either.
http://pubs.opengroup.org/onlinepubs/009696899/functions/endutxent.html
And on that page utmpx is marked as an XSI extension. To my understanding
those are optional and not required to be implemented in POSIX-compliant
software.
--
Anthony J. Bentley
_______________________________________________
Nmh-workers mailing list
Nmh-workers@nongnu.org
https://lists.nongnu.org/mailman/listinfo/nmh-workers