This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: [ak@muc.de] libc/796: getpass() is not usable for high security applications

To: aj@arthur.rhein-neckar.de
Subject: Re: [ak@muc.de] libc/796: getpass() is not usable for high security applications
From: Mark Kettenis <kettenis@wins.uva.nl>
Date: Fri, 23 Oct 1998 18:15:12 +0200 (MET DST)
CC: libc-hacker@cygnus.com, ak@muc.de
References: <u8g1cfuwvq.fsf@arthur.rhein-neckar.de>

   From: Andreas Jaeger <aj@arthur.rhein-neckar.de>
   Date: 23 Oct 1998 17:21:45 +0200

   Hi,

   what shall we do with the appended bug report?  Should we follow
   Andi's advice and define a getpass_r interface?

getpass is marked as LEGACY in The Single UNIX Specification, Version 2.
The specification also explicitely mentions that the interface need
not be reentrant.

Furthermore it says that:

   This function was marked LEGACY since it provides no functionality
   which a user could not easily implement, and its name is
   misleading.

I'd say that adding a getpass_r interface for would mean encouraging
developers to use it instead of discouraging.  So I'd vote against it.

Mark

Follow-Ups:
- Re: [ak@muc.de] libc/796: getpass() is not usable for high security applications
  - From: Ulrich Drepper <drepper@cygnus.com>

References:
- [ak@muc.de] libc/796: getpass() is not usable for high security applications
  - From: Andreas Jaeger <aj@arthur.rhein-neckar.de>
- [ak@muc.de] libc/796: getpass() is not usable for high security applications
  - From: Andreas Jaeger <aj@arthur.rhein-neckar.de>

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]