Re: [owl-users] tcb and friends with shadow-utils 4.0.12

From: Vincent Danen (vdanen@private)
Date: Sat Jul 01 2006 - 21:47:35 PDT


* Solar Designer <solar@private> [2006-07-02 07:47:22 +0400]:

> > > SimplePAMApps is a package that provides small PAM-only implementations
> > > of login, passwd, and su.  It is essentially unmaintained upstream - so
> > > we're maintaining it ourselves.  (Maybe we should be making releases of
> > > "our" SimplePAMApps separately from Owl.)
> 
> On Sat, Jul 01, 2006 at 09:21:10PM -0600, Vincent Danen wrote:
> > Yeah, I finally updated my CVS copy of owl and started grepping for
> > passwd and found that.  I was fiddling with it a bit before I had to
> > take off, and there's some gcc4 cleanup that's needed I think in order
> > for passwd to compile properly.
> 
> If SimplePAMApps requires any fixes for gcc 4.1+, I'm sure Dmitry
> already has those implemented for ALT Linux's distributions.

Poking around the ALT site now to see if I can find something.

> > But I plan on dropping that in on my test vm and see if that makes a
> > difference.  If so, it'll be nice because our passwd is the only thing
> > that uses libuser, so if I can drop it, fantastic.  The other stuff I
> > see in SimplePAMApps looks to already be provided by util-linux, so the
> > only thing I'm really interested in is passwd.
> 
> The implementations of all three utilities - login, passwd, and su - are
> smaller and likely safer than those from util-linux and the shadow suite.
> 
> Owl-current on x86:
> 
> -rwx------ 1 root root   18604 2006-05-06 03:56 /bin/login
> -rwx------ 1 root root   19120 2006-05-06 03:56 /bin/su
> -rwx--s--x 1 root shadow  6884 2006-05-06 03:56 /usr/bin/passwd
> 
> RHEL3 Update 6 on x86:
> 
> -rwxr-xr-x    1 root     root        19868 Sep 14  2005 /bin/login
> -rwx------    1 root     root        46156 Jul 22  2005 /bin/su
> -r-s--x--x    1 root     root        17700 Jun 25  2004 /usr/bin/passwd
> 
> (the perms on /bin/su are a local change).

Ahhh... ok, I'll give those a go then as soon as I grab this SRPM I'm
seeing on the ALT FTP site.

> > I should, now that I'm thinking of it, just try the passwd program from
> > the shadow-utils suite too... that might work.
> 
> Yes, it might work, but I do not recommend it.

I kinda wanted to rule out the passwd program I currently have first
before building new packages and specs, just to be sure that it is what
I'm suspecting instead of, say, a problem with the forward-port.

> > In fact, openwall was where I got the
> > idea of tagging stuff with -avx- or -fdr- or -mdk-, etc.
> 
> FWIW, when Red Hat Linux was split into RHEL and Fedora, we continued to
> tag patches from Fedora with -rh-.  We did not introduce a -fdr-.

I typically note them from what distro they come from.  I suppose it
doesn't much matter since it usually serves as just a general reference
to indicate where it came from.

-- 
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C  A2BC 2EBC 5E32 FEE3 0AD4}
mysql> SELECT * FROM users WHERE clue > 0;
Empty set (0.00sec)
:: Annvix - Secure Linux Server: http://annvix.org/ ::




