Hi Omar,
Omar Polo wrote on Fri, Dec 03, 2021 at 09:07:02AM +0100:
> % pkg_info libfixposix
> Information for inst:libfixposix-0.4.3
>
> Comment:
> thin wrapper over POSIX syscalls
>
> Description:
> The purpose of libfixposix is to offer replacements for parts of POSIX
> whose behaviour is inconsistent across *NIX flavours.
Without looking at the code:
This sounds totally scary to me.
Wouldn't it be better to provide a dummy instead that just passes
the calls through?
I mean, decisions about OpenBSD deviating from POSIX are usually
made for a reason, aren't they? For example, the first things
coming to my mind are rand(3) and gets(3) and printf(%n), and I feel
certain there are several more.
Software depending on POSIX behaviour that we intentionally disabled
should not just patch it back, right? I think it is better to have
such software fail to build (or even, admittedly less conveniently,
crash at run time).
Then, the actual problems can be investigated and fixed properly.
Wouldn't this port essentially implement security mitigation
countermeasures, as the famous saying by tedu@ goes?
This is not an objection, just a question.
> Maintainer: The OpenBSD ports mailing-list <ports@openbsd.org>
For such a scary beast, shouldn't there at least be a maintainer
who does basic auditing of the library, making sure that it does
not cause a security disaster, and making sure that future versions
do not introduce vulnerabilities either?
To me, this feels like sending a Mastiff to promenade alone in the
park instead of leading it on a leash.
Yours,
Ingo