On October 29, 2021 10:45 AM, Alejandro Colomar wrote: > On 10/29/21 16:33, rsbecker@xxxxxxxxxxxxx wrote: > > October 29, 2031 10:21 AM, Theo de Raadt will write: > >> <rsbecker@xxxxxxxxxxxxx> wrote: > >> > >>>>> getpass() is obsolete in POSIX.2. However, some platforms still > >>>>> are on > >>> POSIX.1, > >>>> so replacing it instead of providing a configure detection/switch > >>>> for it > >>> might > >>>> cause issues. > >>>> > >>>> > >>>> The community finally had the balls to get rid of gets(3). > >>>> > >>>> getpass(3) shares the same flaw, that the buffer size isn't passed. > >>>> This has been an issue in the past, and incorrectly led to > >>> readpassphrase(3) > > That seems a good reason to keep the "Do not use it." note in the manual page. > I think I'll add a recommendation for readpassphrase(3bsd) for the moment > which is the only alternative available in Linux. > > >>>> > >>>> readpassphrase(3) has a few too many features/extensions for my > >>>> taste, but > >>> at > >>>> least it is harder to abuse. > >>> > >>> readpassphrase is not generally supported. This will break builds on > >>> many platforms. > I found readpassphrase(3) in FreeBSD and OpenBSD. > It is also present in libbsd(7), which is available in most Linux distributions. > I also found it on a Mac that I have access. > > NetBSD has getpass_r(3) instead. It is not in any other system I have access. > > > >> > >> Of course moving forward takes a long time. If a better API is supplied then > >> there is a choice in 10 years. If a better API is not supplied, then 10 years > from > >> now this conversation can get a reply. > > > > I checked the API 10 years from now (check the above date) at it's still not > there 😉 In the meantime, compatibility is important. I checked the latest > release (last week's) on my platform and readpassphrase() is not available. Let's > please put a compatibility layer in. > > > libbsd(7) is probably the compatibility layer that you're looking for. > What system are you on? > > <https://libbsd.freedesktop.org/wiki/> I am on two variants (x86 and ia64) of HPE NonStop with current operating systems - and I do the build/test for git and OpenSSL. getpass() an alias to getpass2() but the other procs are not present. If this is going into git, I would suggest putting something into compat.c to abstract out the call. If it's there, we can handle it on a platform-by-platform basis. Thanks, Randall
