From owner-freebsd-security@FreeBSD.ORG Wed Sep 21 20:52:43 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BE619106566B for ; Wed, 21 Sep 2011 20:52:43 +0000 (UTC) (envelope-from gleb.kurtsou@gmail.com) Received: from mail-bw0-f54.google.com (mail-bw0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id 4C4048FC08 for ; Wed, 21 Sep 2011 20:52:42 +0000 (UTC) Received: by bkbzs8 with SMTP id zs8so2467775bkb.13 for ; Wed, 21 Sep 2011 13:52:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=jy8e0LrJn/YxbqaLDjg0P8u3jCZgI7J5KA6TdOCxVP4=; b=JZacGJjYoTX+L6WJ9EtCzCfeZdR4tX1QmMS91aqnUi9OEhKQYNJk/ljs2P0l+OhBBy DTnE4qUU+eE63PPQlQmRwwyX7f5v5SGkVLNdxIyXwyHDowOWMU2Id73OS+Co7MnRrdC+ xgN4g3GyceXI/e0wsc6JjNAYKe+1x2o0jscI8= Received: by 10.204.149.82 with SMTP id s18mr882578bkv.387.1316637040701; Wed, 21 Sep 2011 13:30:40 -0700 (PDT) Received: from localhost (lan-78-157-92-5.vln.skynet.lt. [78.157.92.5]) by mx.google.com with ESMTPS id t18sm6104578bkb.9.2011.09.21.13.30.38 (version=SSLv3 cipher=OTHER); Wed, 21 Sep 2011 13:30:39 -0700 (PDT) Date: Wed, 21 Sep 2011 23:29:17 +0300 From: Gleb Kurtsou To: Xin LI Message-ID: <20110921202917.GA25278@tops> References: <86boukbk8s.fsf@ds4.des.no> <4E738794.4050908@delphij.net> <86zki1afto.fsf@ds4.des.no> <4E78EA46.2080806@delphij.net> <86ty86zzcg.fsf@ds4.des.no> <4E793506.1070402@delphij.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <4E793506.1070402@delphij.net> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Dag-Erling =?utf-8?B?U23DuHJncmF2?= , d@delphij.net, freebsd-security@freebsd.org Subject: Re: PAM modules X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Sep 2011 20:52:43 -0000 On (20/09/2011 17:51), Xin LI wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 09/20/11 14:19, Dag-Erling Smørgrav wrote: > > Xin LI writes: > >> The main concern I have is that users might want to stay on an > >> older FreeBSD release, while wanting features of a new OpenLDAP. > >> That's why I would prefer a libxml style import -- users always > >> have choice to install a new OpenLDAP without any concern of > >> breaking their system and we can always deliver security fixes > >> with freebsd-update. Would that make the trimmed down and > >> renamed OpenLDAP import sound sensible? > > > > Yes, you have a point. So you're saying: > > > > - client side only (for nss_ldap, pam_ldap etc) - namespace hacks > > to avoid colliding with the port > > > > right? I would definitely support that. > > Yes exactly, the current version is just library to support these nss > and pam modules and have namespace hacks (so programs linking against > port OpenLDAP library will not see conflicts as well). It wasn't explicitly mentioned, but instead of adding ssh-namespace.h like hacks we could add local symbol versions to ldap shared libraries. That would make impact on OpenLDAP from ports and its users minimal. Binary could be linked against both OpenLDAP and ldap from base in case when libbsdldap.so is indirect dependency used by another library from base. That is not the case with libbsdxml.so Thanks, Gleb. > > Cheers, > - -- > Xin LI https://www.delphij.net/ > FreeBSD - The Power to Serve! Live free or die > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.18 (FreeBSD) > > iQEcBAEBCAAGBQJOeTUGAAoJEATO+BI/yjfBRCAIAKQzG1dJhrLyKyYxJEH5qfXS > pm11L5cuQQto9yqm1TeMeT3qNMuNBo+bWt2QPJ0ef6qaOiL1oYIHdDyAkHqlDh1Z > q5zuwxZFzNAaBYF+QZLE0jSJpV05YpuN5bdkM5GilYw/xzbI4QmOstgJMyPS92WD > //oFfz9jHdQxJ0jZdp8dTDKMbgpOfUDfm/82zdDJPRnoK4dbJyn1xNFOB2H7KQyI > l246YN/W4/yR1wUDZlgjQ6zVoG4I6WvK1Lv7MU3YD2sNqfsnxoC+928U4Swd05Di > A1KXRWLsSB+2ZFnCXbGq3D22KhnmD4GQqxEZn5PZj0p2mDF3kjYDf3zlsUoofmw= > =DG1c > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"