This is the mail archive of the
libc-hacker@sourceware.cygnus.com
mailing list for the glibc project.
Re: [ak@muc.de] libc/796: getpass() is not usable for high security applications
- To: aj@arthur.rhein-neckar.de
- Subject: Re: [ak@muc.de] libc/796: getpass() is not usable for high security applications
- From: Mark Kettenis <kettenis@wins.uva.nl>
- Date: Fri, 23 Oct 1998 18:15:12 +0200 (MET DST)
- CC: libc-hacker@cygnus.com, ak@muc.de
- References: <u8g1cfuwvq.fsf@arthur.rhein-neckar.de>
From: Andreas Jaeger <aj@arthur.rhein-neckar.de>
Date: 23 Oct 1998 17:21:45 +0200
Hi,
what shall we do with the appended bug report? Should we follow
Andi's advice and define a getpass_r interface?
getpass is marked as LEGACY in The Single UNIX Specification, Version 2.
The specification also explicitely mentions that the interface need
not be reentrant.
Furthermore it says that:
This function was marked LEGACY since it provides no functionality
which a user could not easily implement, and its name is
misleading.
I'd say that adding a getpass_r interface for would mean encouraging
developers to use it instead of discouraging. So I'd vote against it.
Mark