Re: suenv

To: Julian Yon <julian%yon.org.uk@localhost>
Subject: Re: suenv
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Tue, 23 Oct 2012 12:21:42 -0400

On Tue, Oct 23, 2012 at 05:05:27PM +0100, Julian Yon wrote:
> On Tue, 23 Oct 2012 10:32:18 -0400
> Thor Lancelot Simon <tls%panix.com@localhost> wrote:
> 
> > On Tue, Oct 23, 2012 at 04:31:52PM +0200, Emmanuel Dreyfus wrote:
> > > Background: libpthread is tagged as not loadable by dlopen() in
> > > NetBSD-6.0. This breaks PAM modules that are linked with -lpthread
> > > or that dlopen() other objects linked with -lpthread. 
> > 
> > Don't do that, then.
> 
> You appear to be ignoring the existence of the Real World. You may

You appear to be ignoring the relevant standards.  A process is
either threaded or it is not, and thus a shared object which
may be loaded into arbitrary processes must not use threads.

Doing so in authentication software is just insane.  In the
real world I live in, one needs to be particularly careful
with security software, not the other way around.

Nasty hacks like subverting the protection against LD_PRELOAD
on setuid executables are not called for in a case like this.
If we resort to them, why should our users trust us to deliver
quality software?  If you want the wild west, you can find
Debian's openssl patches over there ----->.

Thor

Follow-Ups:
- Re: suenv
  - From: Christos Zoulas
- Re: suenv
  - From: Emmanuel Dreyfus
- Re: suenv
  - From: Julian Yon

References:
- suenv
  - From: Emmanuel Dreyfus
- Re: suenv
  - From: Thor Lancelot Simon
- Re: suenv
  - From: Julian Yon

Prev by Date: Re: suenv
Next by Date: Re: suenv
Previous by Thread: Re: suenv
Next by Thread: Re: suenv
Indexes:

Home | Main Index | Thread Index | Old Index