Re: getspnam-support

Ok, fine.  Let's assume that you have both getpwnam() and getspwnam()
available from a program.  If an attacker is going to tickle a Perl
program with a buffer-overrun exploit, he can trivially make *ANY PERL
PROGRAM* call getspwnam(), even those scripts that don't appear to use it.
In fact, although it isn't pretty, I have it on reasonable authority
that a buffer-overrunnable program can, given enough work, be made to
call anything in any shared library that you like to.

So, given that the BSD getpwnam behaviour makes no difference when it
comes to buffer overruns, could you please explain some *other* sort
of exploit to which we would now be vulnerable given the current set-up
but which under the painful separate calls, we would not be?  

Keep in mind, please, that if the status quo were altered, that you
wouldn't just be breaking existing code.  You'd be breaking existing code
which had been written to perform some sort of security-minded operation.
I'd say that this rather ups the ante of whether to break things.

--tom

• getspnam-support by Jochen Wiedmann
• Re: getspnam-support by John Macdonald
• Re: getspnam-support by John Macdonald
• Re: getspnam-support by Tom Phoenix
• Re: getspnam-support by Tom Christiansen
• Re: getspnam-support by Tom Christiansen
• Re: getspnam-support by John Macdonald
• Re: getspnam-support by John Macdonald
• Re: getspnam-support by Tom Christiansen
• Re: getspnam-support by Matthias Urlichs
• Re: getspnam-support by Tom Christiansen
• Re: getspnam-support by Matthias Urlichs
• Re: getspnam-support by Tom Christiansen
• Re: getspnam-support by Dan Sugalski
• Re: getspnam-support by Matthias Urlichs
• Re: getspnam-support by Dan Sugalski
• Re: getspnam-support by Jochen Wiedmann
• Re: getspnam-support by Gurusamy Sarathy
• Re: getspnam-support by Jochen Wiedmann