libcrypt.so.1 (compatibility library for POSIX): Let encrypt, encrypt_r, setkey, setkey_r, and fcrypt return ENOSYS instead of performing any real operation
Summary
Remove the real functionality of encrypt, encrypt_r, setkey, setkey_r, and fcrypt from the libcrypt.so.1 compatibility library and let those functions set "errno" to "ENOSYS" when invoked.
Owner
- Name: Björn Esser <besser82@fedoraproject.org>
- Release notes owner:
Current status
- Targeted release: Fedora 30
- Last updated: 2019-01-30
- Tracker bug: #1670735
- Release notes tracker: #292
Detailed Description
In the system-wide change "Fully remove deprecated and unsafe functions from libcrypt" we propose to remove the named functions from the system default so-version of the crypt library; that change is a prerequisite for this one. This change is a follow-up: it removes the real functionality from those functions in the POSIX-compatibility version of the crypt library as well, and replaces them with fully POSIX-compliant stubs that properly indicate those functions are not supported.
For security reasons, the encrypt{,_r} functions will also overwrite their data-block argument with random bits.
This change was filed separately because it may require additional documentation beyond that of the system-wide change, which is a prerequisite for this one.
Benefit to Fedora
Third-party applications that still use or require these unsafe functions can no longer use them, which is the key benefit of this change for our users.
Scope
- Proposal owners: Implement the needed changes in the libxcrypt-compat package.
- Other developers: N/A (not a System Wide Change)
- Release engineering: N/A, as this is a follow-up of an already evaluated system-wide change.
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
N/A (not a System Wide Change)
How To Test
N/A (not a System Wide Change)
User Experience
No impact, as nothing in the distribution uses those functions. Third-party applications that are distributed only in pre-compiled / binary form may have a reduced set of features. Since POSIX explicitly states that those functions shall set "errno" to "ENOSYS" if the functionality is not available or not implemented, third-party applications that start to malfunction are broken by design.
Dependencies
N/A (not a System Wide Change)
Contingency Plan
Revert the change and rebuild libxcrypt.
Documentation
The version of the libcrypt.so.1 library included with Fedora 30 for POSIX compatibility has entirely removed the functionality of the encrypt, encrypt_r, setkey, setkey_r, and fcrypt functions, while keeping full binary compatibility with existing (third-party) applications that may still use those functions. If such an application attempts to call one of these functions, the function will indicate that it is not supported by the system in a POSIX-compliant way.
For security reasons, the encrypt{,_r} functions will also overwrite their data-block argument with random bits.
All existing binary executables linked against glibc's libcrypt should work unmodified with this version of the libcrypt.so.1 library supplied by the libxcrypt-compat package.
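The behaviour described above, seen from the calling side, as an added example that is not code from libxcrypt or from this change page. The stub_setkey and stub_encrypt functions and the checked_* wrappers are hypothetical stand-ins that only model the documented behaviour; reading /dev/urandom is an assumption made for the sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins that model the stub behaviour described above.
   They are NOT libxcrypt's source; a real caller would link libcrypt.so.1. */
static void stub_setkey(const char *key) { (void)key; errno = ENOSYS; }

static void stub_encrypt(char block[64], int edflag)
{
    (void)edflag;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(block, 1, 64, f) != 64)
        memset(block, 0, 64);          /* fallback: still destroys the input */
    if (f != NULL)
        fclose(f);
    errno = ENOSYS;                    /* set last so I/O cannot clobber it */
}

/* Both functions return void, so the only error channel is errno:
   clear it, call, then read it back. Returns 0 or the errno value. */
int checked_setkey(const char *key)
{
    errno = 0;
    stub_setkey(key);
    return errno;
}

int checked_encrypt(char block[64], int edflag)
{
    errno = 0;
    stub_encrypt(block, edflag);
    return errno;
}

/* Returns 1 if a constructed 64-entry bit vector no longer holds its
   original contents after the unsupported call, 0 otherwise. */
int block_was_scrubbed(void)
{
    char orig[64], block[64];
    for (int i = 0; i < 64; i++)
        orig[i] = block[i] = (char)(i & 1);   /* constructed sample input */
    return checked_encrypt(block, 0) == ENOSYS && memcmp(orig, block, 64) != 0;
}

int main(void)
{
    char key[64] = {0};
    printf("setkey errno: %s\n", strerror(checked_setkey(key)));
    printf("block scrubbed: %d\n", block_was_scrubbed());
    return 0;
}
```

A caller that skips the errno check would go on to treat the overwritten block as ciphertext, which is the malfunction the User Experience section refers to.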
Release Notes
See the paragraph about documentation above.