Date: Mon, 24 Jun 2002 07:32:10 -0500
From: "Matthew D. Fuller" <fullermd@over-yonder.net>
To: Paul Herman <pherman@frenchfries.net>
Cc: "Geoffrey C. Speicher" <geoff@sea-incorporated.com>, freebsd-hackers@FreeBSD.ORG
Subject: Re: bug in pw, -STABLE [patch]
Message-ID: <20020624123210.GA59373@over-yonder.net>
In-Reply-To: <20020623165244.X39062-100000@mammoth.eat.frenchfries.net>
References: <20020623230923.GM81018@over-yonder.net> <20020623165244.X39062-100000@mammoth.eat.frenchfries.net>

On Sun, Jun 23, 2002 at 05:14:58PM -0700 I heard the voice of
Paul Herman, and lo! it spake thus:
> Clearly, at the root of our disagreement is what we both perceive
> the problem to be.

Oh, certainly; that's what makes it fun :)

> I don't see problems in the current implementation, aside from bugs
> that lead to unexpected behavior, i.e. passwd file corruption.
> You see the problem as a deficiency in the implementation itself,
> and wish to protect the user from shooting themselves in the foot.

Well, we're in violent agreement on the first one. I'm just using that
as an opportunity to smack down the second and kill two birds with one
stone.

> Not only do I think that's impossible[*], I choose to fight for my
> right to shoot myself in the foot as quickly and efficiently as
> possible, but that's where we'll disagree, and I'll just leave it
> at that and wish you a good night's sleep.

Wouldn't work; the determined foot-screwer would simply "cd /etc && mv
aliases somethingelse && ln master.passwd aliases && vi aliases". Since
we don't have mandatory file locking, it's neither possible nor my
intention to prevent people from doing things intentionally; I'm just
trying to remove the ways they can do it accidentally using the tools we
provide. I'm all for leaving options for people to intentionally de-toe,
or convince the system that they know what they're doing while they shoot
caterpillars between their toes.

Your approach will (I think; I haven't tested, so it's tough to be sure)
solve the problem that sparked this, which is that pw(8) has a race
condition allowing multiple invocations to step on each other's toes.
However, it doesn't do anything about the larger problem of maintaining
consistency in the passwd subsystem as a whole, which is where I'm
aiming. I also think my approach (once documented, at any rate) would
jump out a bit more at people writing programs that adjust the auth
information.

And, additionally, we took the opportunity to take one MORE step back
from the problem, and implement the pid_*() functions which abstract the
implementation of this sort of locking, making it easy to apply in other
places.

Besides, this is a codeocracy; I changed more lines of code than you did,
to say nothing of a MANPAGE! My solution MUST be better! 8-}

> [*] Patch to vi refusing to edit filenames containing
> "master.passwd" withheld by request. ;-)

rm -f /usr/bin/vi && ln -s /usr/local/bin/pico /usr/bin/vi

That'll shake people up enough that they won't edit anything. I know it
would have ME waking up screaming...

-- 
Matthew Fuller (MF4839)       | fullermd@over-yonder.net
Systems/Network Administrator | http://www.over-yonder.net/~fullermd/

"The only reason I'm burning my candle at both ends, is because I haven't
figured out how to light the middle yet"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020624123210.GA59373>
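
The advisory-locking point made in the message above, as an added example that is not part of the original e-mail and is not code from pw(8) or from either patch in the thread: a second cooperating locker is refused whether it opens the file by its own name or through a hard link, while a writer that never asks for the lock is not stopped. The use of flock(2), the function names and the scratch directory under /tmp are assumptions chosen for the illustration.

```c
#define _DEFAULT_SOURCE /* glibc: expose flock() and mkdtemp() under strict -std= */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <unistd.h>

/* Added example, not pw(8) code. Cooperating tool: exclusive advisory lock. */
static int open_locked(const char *path)
{
    int fd = open(path, O_RDWR | O_APPEND | O_CREAT, 0600);
    if (fd >= 0 && flock(fd, LOCK_EX | LOCK_NB) < 0) {
        close(fd);          /* someone else holds the lock */
        return -1;
    }
    return fd;
}

/* Non-cooperating writer (an editor, say): never asks for the lock. */
static int unlocked_append(const char *path)
{
    int fd = open(path, O_WRONLY | O_APPEND);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, "x\n", 2);
    close(fd);
    return n == 2 ? 0 : -1;
}

/* Constructed scenario. Bits: 1 = second locker refused by name, 2 = refused
 * via hard link (lock is on the file, not the name), 4 = unlocked write ok. */
int lock_demo(void)
{
    char dir[] = "/tmp/pwlockXXXXXX", db[64], alias[64];
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(db, sizeof db, "%s/master.passwd", dir);
    snprintf(alias, sizeof alias, "%s/aliases", dir);
    int held = open_locked(db), r = 0;   /* creates and locks the file */
    if (held < 0 || link(db, alias) < 0)
        return -1;
    r |= open_locked(db) < 0 ? 1 : 0;
    r |= open_locked(alias) < 0 ? 2 : 0;
    r |= unlocked_append(alias) == 0 ? 4 : 0;
    close(held);            /* closing the descriptor releases the lock */
    unlink(alias), unlink(db), rmdir(dir);
    return r;
}
```

A return value of 7 means all three observations held: the lock serializes tools that take it, under any name for the file, and does nothing about a writer that does not.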