| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:in-reply-to:message-id | |
| :references:mime-version:content-type; q=dns; s=default; b=ub3u8 | |
| ItUzs6bxM9pXm05lFcgCfRlZAj7MiQO2TKHkF+9lNvD4UCSKVSgzJeWHQ6yd21qT | |
| SYDJr1KqY8LNNqq/IlquxpW1TWB7QtH5/JqcVnsmkw3SG8DQkdenFeRHclN+IGRN | |
| Z7y/s4BrT+JAKUwmIEDK1SqvJDTfegQpZyC/FA= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:in-reply-to:message-id | |
| :references:mime-version:content-type; s=default; bh=dtrkiGv6P76 | |
| nI2D25c/R6K5q0Fo=; b=ruwU4WHXchcI8IGb562BXUn/ioiN0WHqPa8pv5QEYma | |
| LTea9faHzMDo/dWYFPA1jk69PmGaes2FA6zDaa73l+CgimzCMxddUU3LVFDfUmvU | |
| FbNcP7B0+Vnn3OwMNmlX6t0vZagvo1qV84wi1KoyT42+jekif/lxPlIA/nGSZDaM | |
| = | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-0.4 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2 |
| X-HELO: | mail.sciencetools.com |
| Date: | Wed, 12 Feb 2014 06:48:47 -0800 (PST) |
| From: | Richard <richard AT KarmannGhia DOT org> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: get rid of getpwent? (Was: cygwin-1.7.28 getpwent header declaration changes ?) |
| In-Reply-To: | <20140212090804.GM2821@calimero.vinschen.de> |
| Message-ID: | <alpine.LFD.2.03.1402120645450.24343@KarmannGhia.org> |
| References: | <31347914-BB4F-4039-984B-731B6C72F903 AT etr-usa DOT com> <52F7AEC5 DOT 5090205 AT tiscali DOT co DOT uk> <8B7B5FE0-7413-4358-BA8A-E0B6E0B17653 AT etr-usa DOT com> <52F8B50E DOT 7040307 AT lysator DOT liu DOT se> <52F92D58 DOT 9030408 AT etr-usa DOT com> <52F95D1D DOT 4050108 AT tiscali DOT co DOT uk> <4510121021 DOT 20140211062515 AT mtu-net DOT ru> <52FAB14C DOT 8060800 AT tiscali DOT co DOT uk> <52FABAF5 DOT 2060701 AT etr-usa DOT com> <52FAD730 DOT 9090507 AT redhat DOT com> <20140212090804 DOT GM2821 AT calimero DOT vinschen DOT de> |
| User-Agent: | Alpine 2.03 (LFD 1266 2009-07-14) |
| MIME-Version: | 1.0 |
| X-IsSubscribed: | yes |
On Wed, 12 Feb 2014, Corinna Vinschen wrote: > On Feb 11 19:06, Eric Blake wrote: >> On 02/11/2014 05:06 PM, Warren Young wrote: >>> On 2/11/2014 16:25, David Stacey wrote: >>>> getpwent() is called in three different places. >>> >>> To those of you who have investigated these code paths: do any of them >>> look like they couldn't be replaced by getpwnam() or other calls that >>> would let cygwin1.dll do single-record AD/SAM lookups, rather than >>> whole-table/tree scans? >>> >>> That is, do any of these programs really need to visit every record in >>> /etc/passwd? >> >> libreadline wants to know how to tab-complete ~foo; to do that, it has >> to find all usernames beginning with foo. How would you do that without >> visiting every single record? > > This seems to be the major usage of getpwent these days. The question > is, how bad is it if only a handful entries, or even only a single one > (of oneself) show up? > > Either way, implementing a full getpwent requires to return the local > users, the users of the primary domain, and the users of all trusted > domains. I know of domains with 200K users and there are probably > bigger ones. How long should a search take when a user presses <TAB> > after the ~? And then, shall the process running the getpwent actually > cache all of them? This seems really excessive. > Not only is it excessive, it's a massive security hole. ...I don't know why the present crop of geniuses don't know one of the most fundamental rules of security: don't give up usernames. (Yet, they do it all the time.) I vote get rid of the damned thing - not that my vote counts or that this is the place for it anyway! Richard -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |