4 dic. 2022 16:10:48 Jeremie Courreges-Anglas <jca@wxcvbn.org>:
> On Sun, Dec 04 2022, Theo Buehler <tb@theobuehler.org> wrote:
>> On Sun, Dec 04, 2022 at 01:19:45PM +0100, William Orr wrote:
>>> Hey,
>>>
>>> getpwnam hasn't filled in passwd->pw_passwd since 5.9. This fixes a
>>> crash in uucpd that relied on the legacy behavior.
>
> Back in 2014 I created a port foruucpd and rmail because both were
> removed from the base system with no prior warning. Reconsidering this
> now, I would probably not create a port for uucpd. I can't think of a
> useful hack for uucpd to support TLS, and tunneling UUCP over SSH
> (what I did back then) doesn't involve running uucpd.
>
> What use case do you have for this port?
I was deploying uucp out of curiosity, and eventually settled on using uucpd via inetd. In my case, I'm doing it over an IPsec tunnel.
I have no real-world use case for uucpd in particular (and iiuc I can just use uucico directly via inetd anyway), so don't count my use case as a need for keeping it in ports.
>
>>> Please cc me; not subscribed to this list.
>>
>> Thanks. While the diff is clearly correct, doesn't that mean that no one
>> has used this port in >= 5 years? Is it worth keeping?
>
> IIUC using bare getpwnam(3) could not work after this commit:
>
> revision 1.61
> date: 2016/05/07 21:52:29; author: tedu; state: Exp; lines: +3 -5; commitid: ubbtqq8abR4rInYW;
> stop opening the shadow database by default. only programs that request it
> via the _shadow functions will open now, preventing some programs running
> as root from accidentally loading password hashes it into their memory.
> ok deraadt
>
> IMO this calls for a removal.
>
> --
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
No comments:
Post a Comment