From: Rich Felker
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: High-priority library replacements?
Date: Thu, 25 Apr 2013 01:21:00 -0400
Message-ID: <20130425052100.GK20323@brightrain.aerifal.cx>
References: <20130425041553.GA13951@brightrain.aerifal.cx>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com

On Thu, Apr 25, 2013 at 07:05:12AM +0200, Daniel Cegiełka wrote:
> 2013/4/25 Rich Felker :
>
> For a list of core libraries I would add basic, but high-priority
> tools: ssh, pam (passwd, login, su).
>
> ssh - dropbear?

I think dropbear fully covers the needs of most non-"enterprise" usage
and maybe that too. It could however use some hardening. I don't think
it's terribly insecure, but I'd like to see a robust privilege model
that would make it safe even in the event of bugs that would otherwise
result in a compromise.

> pam - openpam?

I would say pam is less critical. I've had my pamlite in limbo for a
long time but haven't gotten around to making it do anything... Still
a good one for the list though.

> These key software we can also support (static linking etc.).
>
> btw. SSL - instead libcrypto clone maybe it's better to use
> crypto-algorithms from linux kernel?
>
> http://cryptodev-linux.org/

I'm not sure what the advantage would be; the disadvantage is
certainly being Linux-specific and dependent on the host system
configuration (last I checked, crypto in the kernel is optional; maybe
this has changed..?) to work. There's also the issue that it's not
fail-proof; it requires allocating resources.

IMO supporting hardware crypto devices is not really relevant for most
users of SSL. Yes, a high volume web server might need to be tuned for
performance, but it doesn't matter for most network client
applications like wget, chat clients, mail clients, etc.

Rich