[illumos-Developer] [REVIEW] 1222, 1223, 1224 -- strconst fixes for crypt, catman, lp
Albert Lee
trisk at nexenta.com
Mon Jul 18 19:27:42 PDT 2011
On Mon, Jul 18, 2011 at 9:20 PM, Richard Lowe <richlowe at richlowe.net> wrote:
> Hey all, I'd like review for:
>
> 1222 crypt may modify constant data
> 1223 catman may modify constant data
> 1224 lp may overwrite constant data
>
> webrev:
>
> http://richlowe.net/webrevs/il_1222/
>
> Note that there are undoubtedly many more issues within cmd/lp, especially.
> Albert, you requested the lp option fixes be done this way, so it'd be
> nice to get your review of that.
>
No complaints for crypt(1) and lp.
For man, you should probably check the strdup() return to be consistent.
> I would also like to solicit opinion on a possible EOF of crypt(1) in
> a followup bug. Anyone wishing for real encryption should use
> something stronger (encrypt(1), gnupg), I hope this has been known for
> sufficiently long that crypt(1) has no actual consumers (though due to
> its nature, it's not like one _really_ needs a crypt binary to recover
> the plaintext...)
>
> Relevant standards specify crypt(3C) but not crypt(1), crypt(3C)
> would, of course, be left intact.
>
I think crypt(1) was intentionally kept as an inoffensive historical
curiosity after the algorithm was changed to avoid being "real" crypto
for export reasons. In that case, it's serving its purpose still... of
course, we could make it use DES for more (V7 Unix?) "authenticity".
FreeBSD prefers the name enigma(1).
-Albert
More information about the Developer
mailing list