oops, I forgot to mention, On Mon, Oct 17, 2005 at 01:22:00AM +0300, Alexander Gattin wrote: > Hi! > > On Sun, Oct 16, 2005 at 12:05:18AM -0700, Steve Langasek wrote: > > On Sat, Oct 15, 2005 at 06:34:03PM +0200, Christian Perrier wrote: > > > found that the prompting for a new password is not done by passwd > > > itself but by the pam_unix PAM module.... > > pam_unix --> misc_conv --> IMHO getpass() > > > Anyway, this seems to be fixed upstream in Linux-PAM 0.80, > > They took "getpass() considered obsolete" message to > heart and implemented their own getpass()? :) (shit, I > don't like all these re-inventions of wheel...)
please look at http://www.freebsd.org/cgi/man.cgi?query=readpassphrase (http://www.freebsd.org/cgi/man.cgi?query=getpass) and at e.g. "getpass considered obsolete" thread here: http://sources.redhat.com/ml/libc-alpha/2003-05/threads.html#00240 (http://sources.redhat.com/ml/libc-alpha/2003-05/msg00240.html) > OK, we can still make customized misc_conv and maybe > even do not anymore depend on libpam_misc.so.0 at > all... > > Also, the bug should instead be reassigned to libc6, > IMHO, as this will fix broader set of issues. > Definitely. > > P.S. > Tomasz, you use getpass() in non-PAM sections, so your > code is prone to the bug when built --without-libpam > > I'm wishing to implement a fix for both PAM and non-PAM > code, but I need a small advice -- I think we should > talk about this on IRC before taking an action. > > -- > WBR, > xrgtn -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
