From: Xin LI
Organization: The FreeBSD Project
Date: Fri, 23 Sep 2011 03:07:05 -0700
To: Benjamin Kaduk
Cc: freebsd-security@freebsd.org, d@delphij.net
Subject: Re: PAM modules
Message-ID: <4E7C5A49.9050507@delphij.net>

On 09/22/11 19:19, Benjamin Kaduk wrote:
> On Tue, 20 Sep 2011, Xin LI wrote:
>
>> On 09/20/11 15:51, Kostik Belousov wrote: [...]
>>> Yes, the question of maintenance of the OpenLDAP code in the
>>> base is not trivial by any means. I remember that openldap once
>>> broke the ABI on its stable-like branch.
>>
>> That happened a few times; however, these are either not essential
>> client library (libldap and liblber) API or it's not changing
>> parameters or removing interfaces. Moreover, like the base
>> libbsdxml.so, it's only intended to be used by base system only
>> so it's relatively easier to maintain ABI stability, e.g. we can
>> probably just expose only symbols that we use, etc.
>
> This is not without its own failures. For example, I sometimes
> find myself wanting a kgetcred(1) from heimdal, but we do not build
> it as part of our base heimdal. As a separate utility, this is not
> so bad; for a library, things can get much more annoying. Only
> exposing a limited set of symbols can make third-party tools that
> want extra symbols very sad, unless it is easy to drop in a full
> version from ports and still have all of base "just work". I do
> not quite think that the current state of ports for ldap would
> "just work" without some extra configuration (though, nor have I
> tried something like it).

Third-party utilities should use symbols provided by the port OpenLDAP
library, because base system symbols are namespaced and third-party
applications have no chance to reference them (e.g. no header
installed, etc.) unless they are part of the base system and are built
with it.

Cheers,
-- 
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die