----- Original Message -----
> Looking at chsh, it definitely looks like it should be relatively easy
> to utilize libuser within it and add a configure for disabling the
> dependency. If it's okay with both maintainers, both lchsh and chsh
> are licensed under the GPL so I'd like to just merge lchsh's code into
> chsh (rather than try to write what should be pretty much exactly the
> same thing from the API documentation).
Yes, that sounds reasonable. There don't seem to be command-line argument differences, perhaps we might end up with lchsh a symlink to chsh (as long as that can be done compatibly).
> If you both approve I'll start working on writing the necessary
> patches, first adding support to chsh, then, once those patches are in
> a happy state, implementing chfn using the same method.
Please keep me Cc:ed on the patches.
Let me add just a few notes:
1) If (!lu_uses_elevated_privileges()), the program should drop all privileges and skip the PAM authentication.
2) Until either the privileges are dropped or the PAM auth is performed, the program should be extremely paranoid about passing untrusted data to libuser.
3) For even more paranoia, clear LIBUSER_CONF from the environment before doing anything with libuser.
Mirek
--
To unsubscribe from this list: send the line "unsubscribe util-linux" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
