>> On Sat, Jul 30, 2016 at 06:30:40PM +0200, Joerg Jung wrote:
>>> 
>>> > Am 30.07.2016 um 18:07 schrieb Theo Buehler <t...@math.ethz.ch>:
>>> > 
>>> > Currently, slock only clears the entered passwd buffer as part of
>>> > auth_userokay(3). If the user aborts the password entry with ESC or
>>> > clears the entered password with multiple backspaces, a cleartext
>>> > copy of the entered password is kept in memory. Use explicit_bzero()
>>> > to avoid this.
>>> 
>>> I think this is a useful addition.
>>> 
>>> You should try to bring this patch upstream (but be 
>>> prepared for flames).
>>
>> Thanks, I will try to do that when I have a patch that compiles without
>> additional warnings.
>>
>>> slock already contains various ifdef's so maybe add
>>> an #ifdef __OpenBSD__ around the explicit_bzero() 
>>> because AFAIK it is non-portable.
>>
>> Right, added.
>
>The fact that it is not portable doesn't mean that it isn't / it won't
>be available on other platforms.  FreeBSD has it for example.
>
>Those ifdefs don't serve any purpose in the ports tree, will (should)
>be rejected upstream and will do more harm than good in the larger
>ecosystem. You don't want new unix code to look like unix code from the
>80's.
>
>There are alternatives, eg use a macro that could look like
>CLEAR_PASSWORD(p, len) with a fallback implementation using memset.
>Then, a better implementation would be used if the user appropriately
>adds -DHAVE_EXPLICIT_BZERO to CPPFLAGS in config.mk.
>
>Anyway, please don't add those #ifdef __OpenBSD__.


Very good points.

The best way to keep something non-portable is to narrowly confine it
to an #ifdef that no one can verify.  That is a trap, not just for the
non-portable extension, but to the upstream software where it
anti-patterns the developers into adopting "cpp is the primary
language" methods.

If the non-portable addition is a good idea, and is already being
adopted in some other systems -- or if we believe it will eventually be
adopted more widely because we believe we hit the mark with the design --
then the mechanisms proposed by jca are more suitable.  Rather than
hinder, they allow and encourage adoption.
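As an added illustration of the CLEAR_PASSWORD(p, len) macro jca suggests, applied to a slock-style password buffer on ESC and backspace (example code written for this thread, not slock's source; the buffer size, struct, and the volatile-memset fallback are assumptions):

```c
#include <stddef.h>
#include <string.h>

#ifdef HAVE_EXPLICIT_BZERO
#define CLEAR_PASSWORD(p, len) explicit_bzero((p), (len))
#else
/* Fallback: call memset through a volatile function pointer so the compiler
 * cannot prove the store dead and elide it (a plain memset on a buffer that
 * is never read again may be optimised away). */
static void *(*const volatile clear_fn)(void *, int, size_t) = memset;
#define CLEAR_PASSWORD(p, len) clear_fn((p), 0, (len))
#endif

#define PW_MAX 256  /* assumed buffer size, standing in for slock's passwd[] */

struct pw_entry {
    char buf[PW_MAX];
    size_t len;
};

/* Append one typed character; returns 0 if the buffer is full. */
int pw_add(struct pw_entry *pw, char c) {
    if (pw->len + 1 >= PW_MAX)
        return 0;
    pw->buf[pw->len++] = c;
    pw->buf[pw->len] = '\0';
    return 1;
}

/* Backspace: wipe the removed byte instead of only moving the index back. */
void pw_backspace(struct pw_entry *pw) {
    if (pw->len == 0)
        return;
    CLEAR_PASSWORD(&pw->buf[--pw->len], 1);
}

/* ESC / abort: wipe the whole buffer, not only the bytes typed so far. */
void pw_abort(struct pw_entry *pw) {
    CLEAR_PASSWORD(pw->buf, sizeof pw->buf);
    pw->len = 0;
}

/* 1 if every byte is zero, i.e. nothing a core dump or swap could recover. */
int pw_is_wiped(const struct pw_entry *pw) {
    for (size_t i = 0; i < sizeof pw->buf; i++)
        if (pw->buf[i] != 0)
            return 0;
    return 1;
}
```

Add -DHAVE_EXPLICIT_BZERO to CPPFLAGS in config.mk on a system that provides explicit_bzero(3); without it the memset fallback is compiled in.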
