On Tue, Oct 23, 2012 at 05:05:27PM +0100, Julian Yon wrote:
> On Tue, 23 Oct 2012 10:32:18 -0400
> Thor Lancelot Simon <[email protected]> wrote:
>
> > On Tue, Oct 23, 2012 at 04:31:52PM +0200, Emmanuel Dreyfus wrote:
> > > Background: libpthread is tagged as not loadable by dlopen() in
> > > NetBSD-6.0. This breaks PAM modules that are linked with -lpthread
> > > or that dlopen() other objects linked with -lpthread.
> >
> > Don't do that, then.
>
> You appear to be ignoring the existence of the Real World. You may

You appear to be ignoring the relevant standards. A process is either
threaded or it is not, and thus a shared object which may be loaded into
arbitrary processes must not use threads. Doing so in authentication
software is just insane.

In the real world I live in, one needs to be particularly careful with
security software, not the other way around. Nasty hacks like subverting
the protection against LD_PRELOAD on setuid executables are not called for
in a case like this. If we resort to them, why should our users trust us
to deliver quality software?

If you want the wild west, you can find Debian's openssl patches over
there ----->.

Thor
