You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Jeff Trawick <tr...@attglobal.net> on 2002/05/10 22:41:52 UTC

beware of intermittent mod_auth failures...

...on Linux and AIX and perhaps some other platforms with a threaded
MPM and crypt() passwords.  I saw it myself on AIX before teaching APR
to use crypt_r().  Somebody else at IBM saw it on both AIX and Linux.

This should be fixed as of a couple of hours ago on Linux and AIX.  No
change should be necessary on Solaris, OS/390, and HP-UX.  I dunno
about the other platforms where threads work well enough for Apache.
-- 
Jeff Trawick | trawick@attglobal.net
Born in Roswell... married an alien...

Re: beware of intermittent mod_auth failures...

Posted by Justin Erenkrantz <je...@apache.org>.

On Mon, May 13, 2002 at 06:47:00AM -0400, Jeff Trawick wrote:
> crypt() is fine if it uses thread-specific storage (like Solaris,
> OS/390, HP-UX); that's a better fix than adding crypt_r() since old

Are there any BSD-licensed sources that uses thread-specific
storage for crypt() that we can (attempt to) throw into Darwin's
libc?  -- justin

Re: beware of intermittent mod_auth failures...

Posted by Jeff Trawick <tr...@attglobal.net>.

Justin Erenkrantz <je...@apache.org> writes:

> On Fri, May 10, 2002 at 04:41:52PM -0400, Jeff Trawick wrote:
> > ...on Linux and AIX and perhaps some other platforms with a threaded
> > MPM and crypt() passwords.  I saw it myself on AIX before teaching APR
> > to use crypt_r().  Somebody else at IBM saw it on both AIX and Linux.
> > 
> > This should be fixed as of a couple of hours ago on Linux and AIX.  No
> > change should be necessary on Solaris, OS/390, and HP-UX.  I dunno
> > about the other platforms where threads work well enough for Apache.
> 
> Darwin looks like its screwed - it's using a static buffer.

crypt() is fine if it uses thread-specific storage (like Solaris,
OS/390, HP-UX); that's a better fix than adding crypt_r() since old
code just works and since you avoid the mess regarding the lack of a
standard interface to crypt_r()

(maybe I'll find time to write a test pgm to see if crypt() returns
thread-specific storage)

-- 
Jeff Trawick | trawick@attglobal.net
Born in Roswell... married an alien...

Re: beware of intermittent mod_auth failures...

Posted by Justin Erenkrantz <je...@apache.org>.

On Fri, May 10, 2002 at 04:41:52PM -0400, Jeff Trawick wrote:
> ...on Linux and AIX and perhaps some other platforms with a threaded
> MPM and crypt() passwords.  I saw it myself on AIX before teaching APR
> to use crypt_r().  Somebody else at IBM saw it on both AIX and Linux.
> 
> This should be fixed as of a couple of hours ago on Linux and AIX.  No
> change should be necessary on Solaris, OS/390, and HP-UX.  I dunno
> about the other platforms where threads work well enough for Apache.

Darwin looks like its screwed - it's using a static buffer.  I don't
know if they plan on adding crypt_r for Jaguar (they hinted that a
lot of _r functions will be added).

I may drop them an email to see what their plans are wrt
crypt_r.  -- justin