On Thu, Aug 9, 2012 at 2:44 PM, Canek Peláez Valdés <can...@gmail.com> wrote:
> On Thu, Aug 9, 2012 at 3:42 AM, Luca Barbato <lu_z...@gentoo.org> wrote:
> [snip]
>> Repeat after me: having your first process require anything more than
>> libc is stupid and dangerous.
>
> No, it's not. You can (and should) depend on whatever libraries help
> to achieve the desired goals. If one of the libraries has a bug, guess
> what? It should be fixed.

Look, there is a balance here. This isn't really the thread to discuss it, but there is a balance between having your only password-reset UI being the passwd program, and having a 2MB suid root X11 application like IRIX. Most sane solutions today just have a non-root front-end, that calls a small well-audited suid app (perhaps just passwd).

Sure, fixing bugs should be admired, but planning to be robust even in the face of future unknown bugs is the bedrock of secure software.

Rich