From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/4364 Path: news.gmane.org!not-for-mail From: Rich Felker Newsgroups: gmane.linux.lib.musl.general Subject: Re: ruserok et al Date: Wed, 4 Dec 2013 12:05:07 -0500 Message-ID: <20131204170507.GE24286@brightrain.aerifal.cx> References: Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: ger.gmane.org 1386176717 2976 80.91.229.3 (4 Dec 2013 17:05:17 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 4 Dec 2013 17:05:17 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-4368-gllmg-musl=m.gmane.org@lists.openwall.com Wed Dec 04 18:05:22 2013 Return-path: Envelope-to: gllmg-musl@plane.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1VoFt3-0005pK-CM for gllmg-musl@plane.gmane.org; Wed, 04 Dec 2013 18:05:21 +0100 Original-Received: (qmail 11311 invoked by uid 550); 4 Dec 2013 17:05:20 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 11303 invoked from network); 4 Dec 2013 17:05:19 -0000 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Xref: news.gmane.org gmane.linux.lib.musl.general:4364 Archived-At: On Wed, Dec 04, 2013 at 02:12:31PM +0000, Raphael Cohn wrote: > Dear List, > > Whilst compiling pam_rhosts in Linux PAM 1.1.8 (pam_rhosts.c), it tries to > use the function 'ruserok'. I believe this, and its siblings, aren't in This is part of the legacy rhosts API for source-IP-address-based authentication. It's useless, dangerous, and really disturbing that PAM even supports something that was obsolete and known-dangerous a decade before PAM was invented... My first reaction would be to say "patch it out and send a bug report upstream". > musl. Quite correctly, I suspect - I presume these relate to the legacy 'r' > commands that no one in their right mind should be using. I'll be patching > my installation to remove this module from the build (*sigh* Linux pam > doesn't make choosing a subset of modules easy). Yes, this is the right solution, but we should try (diplomatically :) to get upstream fixed too. > Would it make sense, for completeness to add stubs to musl to do either:- > - return the failure outcome; > - or, return a nasty warning and a failure outcome? And a syslog on runtime > use to really give users a kick? A stub that just returns failure would not be such a bad thing, but when it's such a harmful a function that only a single package has been caught using, I'd rather try to get it fixed upstream. Compatibility with broken apps/libs is a continuous stream of choices whether to work around the brokenness in musl (often this has tiny marginal cost but that cost builds up over time with lots of broken packages) or make the efforts to get the upstream fixed. > Alternatively, it might be a good idea to not do this, but have a wiki page > somewhere listing deliberately unimplemented and stub functions. That might be a good idea anyway even if we don't add more such functions. Rich