On Tue, 23 Oct 2012 12:21:42 -0400 Thor Lancelot Simon <tls%panix.com@localhost> wrote: > You appear to be ignoring the relevant standards. A process is > either threaded or it is not, and thus a shared object which > may be loaded into arbitrary processes must not use threads. I'm not ignoring the standards, I'm just not ignoring the situation, either. Something which used to soft-fail now hard-fails (correctly), and this has bitten someone who is now trying to work out what would make a temporary fix possible in similar situations. > Doing so in authentication software is just insane. In the > real world I live in, one needs to be particularly careful > with security software, not the other way around. Agreed. > Nasty hacks like subverting the protection against LD_PRELOAD > on setuid executables are not called for in a case like this. > If we resort to them, why should our users trust us to deliver > quality software? If you want the wild west, you can find > Debian's openssl patches over there ----->. I'm not advocating his hack, merely noting that there's a Real World reason why it has been suggested. It reminds me of the old joke, “Doctor, it hurts when I do this.” “Don't do that then.” As someone who uses Linux as well as BSD I see exactly the same thing happen “over there”. Sometimes the crazy hacks that distributions put in place are a response to upstream refusing to come to some interim compromise while the real problem gets fixed (if it gets fixed, of course). I agree that this is Not NetBSD's Problem, but I wonder how many people devise their own insane “solutions” to this sort of thing and are put at risk by the lack of an official workaround? I'm thinking particularly of less experienced folk, here. -- 3072D/F3A66B3A Julian Yon (2012 General Use) <pgp.2012%jry.me@localhost>
Attachment:
signature.asc
Description: PGP signature