From owner-cvs-all  Wed Feb  6  4:29:47 2002
Delivered-To: cvs-all@freebsd.org
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153])
	by hub.freebsd.org (Postfix) with ESMTP
	id B689337B405; Wed,  6 Feb 2002 04:29:42 -0800 (PST)
Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111])
	by gw.nectar.cc (Postfix) with ESMTP
	id 236D65; Wed,  6 Feb 2002 06:29:42 -0600 (CST)
Received: (from nectar@localhost)
	by madman.nectar.cc (8.11.6/8.11.6) id g16CTPU53325;
	Wed, 6 Feb 2002 06:29:25 -0600 (CST)
	(envelope-from nectar)
Date: Wed, 6 Feb 2002 06:29:25 -0600
From: "Jacques A. Vidrine" <n@nectar.cc>
To: Mark Murray <mark@grondar.za>
Cc: "Andrey A. Chernov" <ache@nagual.pp.ru>, des@FreeBSD.org,
	cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c
Message-ID: <20020206122925.GD53286@madman.nectar.cc>
Mail-Followup-To: "Jacques A. Vidrine" <n@nectar.cc>,
	Mark Murray <mark@grondar.za>,
	"Andrey A. Chernov" <ache@nagual.pp.ru>, des@FreeBSD.org,
	cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
References: <20020205214703.GA8579@nagual.pp.ru> <200202052219.g15MJhs32408@greenpeace.grondar.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200202052219.g15MJhs32408@greenpeace.grondar.org>
User-Agent: Mutt/1.3.27i
X-Url: http://www.nectar.cc/
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

On Tue, Feb 05, 2002 at 10:19:38PM +0000, Mark Murray wrote:
> > On Tue, Feb 05, 2002 at 23:59:08 +0300, Andrey A. Chernov wrote:
> > 
> > > It is OK at this point, but broken _after_ PAM called.
> > > Lets imagine srandom(33) produce this hypotetical sequence for random() 
> > > calls:
> > 
> > To see the bug, run following test application with "call_pam" set to 1 
> > and 0
> 
> The bug is doing userland stuff before the authentication IMO.

No, the bug is in the usage of srandom/random by what for all purposes
is implementation code.

C99 spells out quite clearly for srand/rand that these functions shall
behave as if the implementation never calls them.  I cannot find such
a requirement in POSIX for srandom/random, but POLA dictates that the
same semantics apply.

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message