>> On Sat, Jul 30, 2016 at 06:30:40PM +0200, Joerg Jung wrote:
>>>
>>> > On 30.07.2016 at 18:07, Theo Buehler <t...@math.ethz.ch> wrote:
>>> >
>>> > Currently, slock only clears the entered passwd buffer as part of
>>> > auth_userokay(3). If the user aborts the password entry with ESC or
>>> > clears the entered password with multiple backspaces, a cleartext
>>> > copy of the entered password is kept in memory. Use explicit_bzero()
>>> > to avoid this.
>>>
>>> I think this is a useful addition.
>>>
>>> You should try to bring this patch upstream (but be
>>> prepared for flames).
>>
>> Thanks, I will try to do that when I have a patch that compiles without
>> additional warnings.
>>
>>> slock already contains various ifdef's so maybe add
>>> an #ifdef __OpenBSD__ around the explicit_bzero()
>>> because AFAIK it is non-portable.
>>
>> Right, added.
>
> The fact that it is not portable doesn't mean that it isn't / it won't
> be available on other platforms. FreeBSD has it for example.
>
> Those ifdefs don't serve any purpose in the ports tree, will (should)
> be rejected upstream and will do more harm than good in the larger
> ecosystem. You don't want new unix code to look like unix code from the
> 80's.
>
> There are alternatives, e.g. use a macro that could look like
> CLEAR_PASSWORD(p, len) with a fallback implementation using memset.
> Then, a better implementation would be used if the user appropriately
> adds -DHAVE_EXPLICIT_BZERO to CPPFLAGS in config.mk.
>
> Anyway, please don't add those #ifdef __OpenBSD__.
Very good points. The best way to keep something non-portable is to narrowly confine it to an #ifdef that no one can verify. That is a trap, not just for the non-portable extension, but for the upstream software, where it anti-patterns the developers into adopting "cpp is the primary language" methods. If the non-portable addition is a good idea, and is already being adopted in some other systems -- or if we believe it will eventually be adopted more widely because we believe we hit the mark with the design -- then the mechanisms proposed by jca are more suitable. Rather than hinder, they allow and encourage adoption.
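The CLEAR_PASSWORD(p, len) macro jca sketches above, written out as an added example (not slock's code and not from anyone in this thread): it resolves to explicit_bzero() when -DHAVE_EXPLICIT_BZERO is in CPPFLAGS and otherwise to a memset() called through a volatile function pointer so the compiler cannot drop the wipe as a dead store. handle_key and leftover_after_abort are constructed names standing in for slock's key loop, and "secret" is constructed input.

```c
#include <string.h>
/* CLEAR_PASSWORD(p, len) as sketched above: explicit_bzero() when the build
 * passes -DHAVE_EXPLICIT_BZERO in CPPFLAGS, a safe fallback otherwise. */
#ifdef HAVE_EXPLICIT_BZERO
#include <strings.h>   /* FreeBSD declares explicit_bzero() here */
#define CLEAR_PASSWORD(p, len) explicit_bzero((p), (len))
#else
/* A memset() on memory that is never read again is a dead store the
 * optimizer may drop; a volatile function pointer keeps the call. */
static void *(*volatile clear_memset)(void *, int, size_t) = memset;
static void clear_password_fallback(void *p, size_t len) { clear_memset(p, 0, len); }
#define CLEAR_PASSWORD(p, len) clear_password_fallback((p), (len))
#endif
enum { PASSWD_MAX = 256 };
/* Constructed stand-in for slock's key loop (not slock's code): keys go into
 * passwd, ESC aborts the entry, Backspace/DEL drops one character, and both
 * discard paths wipe what they drop. Returns the characters still held. */
static size_t handle_key(char *passwd, size_t *len, int key)
{
    switch (key) {
    case 0x1b:                  /* ESC: abort, discard everything typed */
        CLEAR_PASSWORD(passwd, *len);
        *len = 0;
        break;
    case 0x08: case 0x7f:       /* Backspace / DEL: drop the last character */
        if (*len > 0) { (*len)--; CLEAR_PASSWORD(passwd + *len, 1); }
        break;
    default:
        if (*len < PASSWD_MAX - 1)
            passwd[(*len)++] = (char)key;
        break;
    }
    passwd[*len] = '\0';
    return *len;
}
/* Types "secret" (constructed input), deletes two characters, aborts with
 * ESC, and returns how many non-zero bytes the buffer still holds. */
static size_t leftover_after_abort(void)
{
    char passwd[PASSWD_MAX] = { 0 };
    const char *typed = "secret";
    size_t len = 0, i, left = 0;
    for (i = 0; typed[i] != '\0'; i++) handle_key(passwd, &len, typed[i]);
    handle_key(passwd, &len, 0x7f);
    handle_key(passwd, &len, 0x08);
    handle_key(passwd, &len, 0x1b);
    for (i = 0; i < sizeof(passwd); i++) left += (passwd[i] != 0);
    return left;
}
```

Build once with and once without -DHAVE_EXPLICIT_BZERO to confirm both branches compile on the target platform; the observable behaviour is the same.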