From owner-cvs-usrsbin Mon Dec 16 10:45:50 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id KAA23845 for cvs-usrsbin-outgoing; Mon, 16 Dec 1996 10:45:50 -0800 (PST) Received: from sequent.kiae.su (sequent.kiae.su [193.125.152.6]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id KAA23831; Mon, 16 Dec 1996 10:45:39 -0800 (PST) Received: by sequent.kiae.su id AA19828 (5.65.kiae-2 ); Mon, 16 Dec 1996 22:25:35 +0400 Received: by sequent.KIAE.su (UUMAIL/2.0); Mon, 16 Dec 96 22:25:32 +0400 Received: from localhost (nagual.ru [127.0.0.1]) by nagual.ru (8.8.4/8.8.4) with SMTP id VAA00974; Mon, 16 Dec 1996 21:23:49 +0300 (MSK) Date: Mon, 16 Dec 1996 21:23:49 +0300 (MSK) From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7=2C_Andrey_Chernov?= To: David Nugent Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrsbin@freefall.freebsd.org Subject: Re: cvs commit: src/usr.sbin/pw pw_user.c In-Reply-To: <199612161737.JAA20217@freefall.freebsd.org> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-usrsbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Mon, 16 Dec 1996, David Nugent wrote: > davidn 96/12/16 09:37:59 > > Modified: usr.sbin/pw pw_user.c > Log: > Reviewed by: davidn@blaze.net.au > Submitted by: proff@iq.org > Security patch for better random password generation. > Please, fix this fix. /dev/urandom open and reading must cause immediately exit with error diagnostic, not fallback to MD5 hashing for FreeBSD. If you want portability, you can ifdef /dev/urandom code with __FreeBSD__. Really MD5 hashing not needed for FreeBSD and must be #ifdefed too. Testing !fd is clear error too. -- Andrey A. Chernov http://www.nagual.ru/~ache/