Message-ID: <42F3ACF2.9050905@tresys.com>
Date: Fri, 05 Aug 2005 14:16:18 -0400
From: Joshua Brindle
To: Colin Walters
CC: selinux@tycho.nsa.gov
Subject: Re: Red Hat's passwd
References: <42F3904F.5080401@tresys.com> <1123261941.20237.9.camel@nexus.verbum.private>
In-Reply-To: <1123261941.20237.9.camel@nexus.verbum.private>

Colin Walters wrote:

>On Fri, 2005-08-05 at 12:14 -0400, Joshua Brindle wrote:
>
>>The attached patch removes the selinux code from Red Hat's passwd.c and
>>uses the libselinux function checkPasswdAccess.
>
>This reminds me...there was some griping from people maintaining modules
>which use libselinux about the name "checkPasswdAccess" in a shared
>library targeted for wide use; could we get some namespacing here? This
>is a good thing for preventing symbol collisions and also for aesthetic
>and consistency reasons. Perhaps avc_check_passwd_permission or
>security_check_passwd_permission or something?

yea, that's a bad name, and it has caps!

>Renaming the function would be an API/ABI break, but it doesn't seem
>like a function that could be applicable for more than a few programs at
>most.

yea, the problem is really upstreaming the change in whatever packages use it (shadow, and hopefully RH passwd) and some of Red Hat's patches for things like vixie cron will also need to be fixed. Personally I'd rather not deal with a major version change needed for an API change.
Granted it shouldn't be named that but it isn't crucial to fix it. We probably need to be more careful about what functions are exported in the future. Also, util-linux needs to be patched to use checkPasswdAccess (or whatever) rather than internally (which looks surprisingly similar to checkPasswdAccess) and there are probably more apps I'm missing.