This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: [ak@muc.de] libc/796: getpass() is not usable for high security applications

Andi Kleen <ak@muc.de> writes:

> Ok. But could you at least remove the fflush(fh) from getpass? It 
> definitely accounts for >50% of my failed su attempts. Libc5
> didn't flush and working with su was smoother. I think it offers
> no security advantage.

This was indeed added for security reasons.  I cannot remember the
details anymore, though.

-- 
---------------.      drepper at gnu.org  ,-.   1325 Chesapeake Terrace
Ulrich Drepper  \    ,-------------------'   \  Sunnyvale, CA 94089 USA
Cygnus Solutions `--' drepper at cygnus.com   `------------------------
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]