tech-kern archive


Re: suenv



On Tue, Oct 23, 2012 at 05:05:27PM +0100, Julian Yon wrote:
> On Tue, 23 Oct 2012 10:32:18 -0400
> Thor Lancelot Simon <tls%panix.com@localhost> wrote:
> 
> > On Tue, Oct 23, 2012 at 04:31:52PM +0200, Emmanuel Dreyfus wrote:
> > > Background: libpthread is tagged as not loadable by dlopen() in
> > > NetBSD-6.0. This breaks PAM modules that are linked with -lpthread
> > > or that dlopen() other objects linked with -lpthread. 
> > 
> > Don't do that, then.
> 
> You appear to be ignoring the existence of the Real World. You may

You appear to be ignoring the relevant standards.  A process is
either threaded or it is not, and thus a shared object which
may be loaded into arbitrary processes must not use threads.

Doing so in authentication software is just insane.  In the
real world I live in, one needs to be particularly careful
with security software, not the other way around.

Nasty hacks like subverting the protection against LD_PRELOAD
on setuid executables are not called for in a case like this.
If we resort to them, why should our users trust us to deliver
quality software?  If you want the wild west, you can find
Debian's openssl patches over there ----->.

Thor

