Date:      Mon, 24 Jun 2002 07:32:10 -0500
From:      "Matthew D. Fuller" <fullermd@over-yonder.net>
To:        Paul Herman <pherman@frenchfries.net>
Cc:        "Geoffrey C. Speicher" <geoff@sea-incorporated.com>, freebsd-hackers@FreeBSD.ORG
Subject:   Re: bug in pw, -STABLE [patch]
Message-ID:  <20020624123210.GA59373@over-yonder.net>
In-Reply-To: <20020623165244.X39062-100000@mammoth.eat.frenchfries.net>
References:  <20020623230923.GM81018@over-yonder.net> <20020623165244.X39062-100000@mammoth.eat.frenchfries.net>

On Sun, Jun 23, 2002 at 05:14:58PM -0700 I heard the voice of
Paul Herman, and lo! it spake thus:
> 
> Clearly, at the root of our disagreement is what we both perceive
> the problem to be.

Oh, certainly; that's what makes it fun   :)


> I don't see problems in the current implementation, aside from bugs
> that lead to unexpected behavior, i.e. passwd file corruption.
> You see the problem as a deficiency in the implementation itself,
> and wish to protect the user from shooting themselves in the foot.

Well, we're in violent agreement on the first one.  I'm just using that
as an opportunity to smack down the second and kill two birds with one
stone.


> Not only do I think that's impossible[*], I choose to fight for my
> right to shoot myself in the foot as quickly and efficiently as
> possible, but that's where we'll disagree, and I'll just leave it
> at that and wish you a good night's sleep.

Wouldn't work; the determined foot-screwer would simply "cd /etc && mv
aliases somethingelse && ln master.passwd aliases && vi aliases".  Since
we don't have mandatory file locking, it's neither possible nor my
intention to prevent people from doing things intentionally; I'm just
trying to remove the ways they can do it accidentally using the tools we
provide.  I'm all for leaving options for people to intentionally de-toe,
or convince the system that they know what they're doing while they shoot
caterpillars between their toes.

Your approach will (I think; I haven't tested, so it's tough to be sure)
solve the problem that sparked this, which is that pw(8) has a race
condition allowing multiple invocations to step on each other's toes.
However, it doesn't do anything about the larger problem of maintaining
consistency in the passwd subsystem as a whole, which is where I'm
aiming.  I also think my approach (once documented, at any rate) would
jump out a bit more at people writing programs that adjust the auth
information.  And, additionally, we took the opportunity to take one MORE
step back from the problem, and implement the pid_*() functions which
abstract the implementation of this sort of locking, making it easy to
apply in other places.


Besides, this is a codeocracy; I changed more lines of code than you did,
to say nothing of a MANPAGE!  My solution MUST be better!   8-}


> [*] Patch to vi refusing to edit filenames containing
> "master.passwd" withheld by request.  ;-)

rm -f /usr/bin/vi && ln -s /usr/local/bin/pico /usr/bin/vi

That'll shake people up enough that they won't edit anything.  I know it
would have ME waking up screaming...


-- 
Matthew Fuller     (MF4839)   |  fullermd@over-yonder.net
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/

"The only reason I'm burning my candle at both ends, is because I
      haven't figured out how to light the middle yet"
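
As an added illustration of the advisory locking discussed in the message above (not code from the thread or from the patch), this C example serializes updaters with flock(2) and records the holder's PID. The names lockfile_acquire and lockfile_release and the lock path are hypothetical; because the lock is advisory, it only restrains programs that call it.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <unistd.h>

/* Hypothetical helper (not the patch's pid_*() API). Returns a locked fd, or
 * -1. When another process holds the lock, errno is EWOULDBLOCK and *holder
 * is the PID recorded in the file (0 if it could not be read). */
int lockfile_acquire(const char *path, pid_t *holder)
{
    char buf[32];
    int fd = open(path, O_RDWR | O_CREAT, 0600);
    if (fd == -1)
        return -1;
    if (flock(fd, LOCK_EX | LOCK_NB) == -1) {
        int saved = errno;
        ssize_t n = read(fd, buf, sizeof(buf) - 1);
        buf[n > 0 ? n : 0] = '\0';
        if (holder != NULL)
            *holder = (pid_t)strtol(buf, NULL, 10);
        close(fd);
        errno = saved;
        return -1;
    }
    /* Lock held: overwrite whatever PID a previous holder left behind. */
    int len = snprintf(buf, sizeof(buf), "%ld\n", (long)getpid());
    if (ftruncate(fd, 0) == -1 || write(fd, buf, (size_t)len) != len) {
        close(fd);
        return -1;
    }
    return fd;
}
/* The file stays in place; the kernel lock, not the file's existence, is the
 * mutex, so a crashed holder never leaves a stale lock behind. */
void lockfile_release(int fd) { close(fd); }

int main(void)
{
    const char *path = "/tmp/pw_example.lock"; /* constructed sample path */
    pid_t holder = 0;
    int fd = lockfile_acquire(path, &holder);
    if (fd == -1) {
        fprintf(stderr, "busy, held by pid %ld\n", (long)holder);
        return 1;
    }
    lockfile_release(fd); /* the protected read-modify-write goes before this */
    return 0;
}
```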
