This is the mail archive of the
libc-hacker@sourceware.cygnus.com
mailing list for the glibc project.
Re: [ak@muc.de] libc/796: getpass() is not usable for high security applications
Andi Kleen <ak@muc.de> writes:
> Ok. But could you at least remove the fflush(fh) from getpass? It
> definitely accounts for >50% of my failed su attempts. Libc5
> didn't flush and working with su was smoother. I think it offers
> no security advantage.
This was indeed added for security reasons. I cannot remember the
details anymore, though.
--
---------------. drepper at gnu.org ,-. 1325 Chesapeake Terrace
Ulrich Drepper \ ,-------------------' \ Sunnyvale, CA 94089 USA
Cygnus Solutions `--' drepper at cygnus.com `------------------------