You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Jeff Trawick <tr...@attglobal.net> on 2002/05/10 22:41:52 UTC
beware of intermittent mod_auth failures...
...on Linux and AIX and perhaps some other platforms with a threaded
MPM and crypt() passwords. I saw it myself on AIX before teaching APR
to use crypt_r(). Somebody else at IBM saw it on both AIX and Linux.
This should be fixed as of a couple of hours ago on Linux and AIX. No
change should be necessary on Solaris, OS/390, and HP-UX. I dunno
about the other platforms where threads work well enough for Apache.
--
Jeff Trawick | trawick@attglobal.net
Born in Roswell... married an alien...
Re: beware of intermittent mod_auth failures...
Posted by Justin Erenkrantz <je...@apache.org>.
On Mon, May 13, 2002 at 06:47:00AM -0400, Jeff Trawick wrote:
> crypt() is fine if it uses thread-specific storage (like Solaris,
> OS/390, HP-UX); that's a better fix than adding crypt_r() since old
Are there any BSD-licensed sources that uses thread-specific
storage for crypt() that we can (attempt to) throw into Darwin's
libc? -- justin
Re: beware of intermittent mod_auth failures...
Posted by Jeff Trawick <tr...@attglobal.net>.
Justin Erenkrantz <je...@apache.org> writes:
> On Fri, May 10, 2002 at 04:41:52PM -0400, Jeff Trawick wrote:
> > ...on Linux and AIX and perhaps some other platforms with a threaded
> > MPM and crypt() passwords. I saw it myself on AIX before teaching APR
> > to use crypt_r(). Somebody else at IBM saw it on both AIX and Linux.
> >
> > This should be fixed as of a couple of hours ago on Linux and AIX. No
> > change should be necessary on Solaris, OS/390, and HP-UX. I dunno
> > about the other platforms where threads work well enough for Apache.
>
> Darwin looks like its screwed - it's using a static buffer.
crypt() is fine if it uses thread-specific storage (like Solaris,
OS/390, HP-UX); that's a better fix than adding crypt_r() since old
code just works and since you avoid the mess regarding the lack of a
standard interface to crypt_r()
(maybe I'll find time to write a test pgm to see if crypt() returns
thread-specific storage)
--
Jeff Trawick | trawick@attglobal.net
Born in Roswell... married an alien...
Re: beware of intermittent mod_auth failures...
Posted by Justin Erenkrantz <je...@apache.org>.
On Fri, May 10, 2002 at 04:41:52PM -0400, Jeff Trawick wrote:
> ...on Linux and AIX and perhaps some other platforms with a threaded
> MPM and crypt() passwords. I saw it myself on AIX before teaching APR
> to use crypt_r(). Somebody else at IBM saw it on both AIX and Linux.
>
> This should be fixed as of a couple of hours ago on Linux and AIX. No
> change should be necessary on Solaris, OS/390, and HP-UX. I dunno
> about the other platforms where threads work well enough for Apache.
Darwin looks like its screwed - it's using a static buffer. I don't
know if they plan on adding crypt_r for Jaguar (they hinted that a
lot of _r functions will be added).
I may drop them an email to see what their plans are wrt
crypt_r. -- justin