From Fedora Project Wiki

Revision as of 15:45, 15 January 2019 by Besser82 (Add a hint about scrambling data)

libcrypt.so.1 (compatibility library for POSIX): Let encrypt, encrypt_r, setkey, setkey_r, and fcrypt return ENOSYS instead of performing any real operation

Summary

Remove the real functionality of encrypt, encrypt_r, setkey, setkey_r, and fcrypt from the libcrypt.so.1 compatibility library and let those functions set "errno" to "ENOSYS" when invoked.


Owner

  • Name: Björn Esser <besser82@fedoraproject.org>
  • Release notes owner:

Current status

  • Targeted release: Fedora 30
  • Last updated: 2019-01-15
  • Tracker bug: <will be assigned by the Wrangler>


Detailed Description

In the system-wide change "Fully remove deprecated and unsafe functions from libcrypt" we propose to remove the named functions from the system default so-version of the crypt library; that change is a prerequisite for this one. This change is a follow-up that announces the removal of the real functionality of those functions from the POSIX-compatibility version of the crypt library as well, replacing them with fully POSIX-compliant stubs that properly indicate the functions are not supported.

In addition, the encrypt and encrypt_r functions will, for security reasons, overwrite the data-block argument with random data.

This change was filed mainly because it may require additional documentation apart from the system-wide change that is a prerequisite for this one.

Benefit to Fedora

Third-party applications that still use or require these unsafe functions cannot use them anymore, which is the key benefit of this change for our users.


Scope

  • Proposal owners: Implement the needed changes in the libxcrypt-compat package.
  • Other developers: N/A (not a System Wide Change)
  • Release engineering: N/A, as this is a follow-up of an already evaluated system-wide change.
  • Trademark approval: N/A (not needed for this Change)


Upgrade/compatibility impact

N/A (not a System Wide Change)


How To Test

N/A (not a System Wide Change)


User Experience

No impact, as nothing in the distribution uses those functions. Third-party applications that are distributed only in pre-compiled / binary form may have a reduced set of features. Since POSIX explicitly states that those functions shall set "errno" to "ENOSYS" if the functionality is not available or not implemented, third-party applications that start to malfunction are broken by design.
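
The calling pattern this implies, as an added example that is not part of this wiki page or of libxcrypt's code: setkey and encrypt return void, so a caller can only notice the stub through errno. The stub_* functions are a hypothetical model of the behaviour described on this page, and /dev/urandom as the source of random data is an assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Model of the stubbed compat functions described above. The stub_* names
 * are hypothetical; this is not libxcrypt's source. */
static void stub_setkey(const char *key)
{
    (void)key;
    errno = ENOSYS;                    /* no key schedule is set up */
}

/* block: POSIX layout, 64 chars each holding one bit (0 or 1). */
static void stub_encrypt(char block[64], int edflag)
{
    (void)edflag;
    FILE *rng = fopen("/dev/urandom", "rb");   /* assumed entropy source */
    if (rng == NULL || fread(block, 1, 64, rng) != 64)
        memset(block, 0, 64);          /* fallback of this sketch only */
    if (rng != NULL)
        fclose(rng);
    for (int i = 0; i < 64; i++)
        block[i] &= 1;                 /* keep the one-bit-per-char format */
    errno = ENOSYS;                    /* set last so nothing clobbers it */
}

/* setkey() and encrypt() return void, so errno is the only failure channel:
 * clear it before each call, test it after. Returns 0 on success, -1 with
 * errno set on failure; on failure the block must not be used. */
static int checked_encrypt(const char *key, char block[64], int edflag)
{
    errno = 0;
    stub_setkey(key);
    if (errno != 0)
        return -1;
    errno = 0;
    stub_encrypt(block, edflag);
    return errno != 0 ? -1 : 0;
}

int main(void)
{
    char key[64] = {0}, block[64];
    memset(block, 1, sizeof block);    /* constructed sample plaintext bits */
    if (checked_encrypt(key, block, 0) != 0 && errno == ENOSYS)
        puts("DES interface not supported (ENOSYS); refusing to continue");
    return 0;
}
```

A caller that skips the errno check and treats the block as ciphertext ends up with random bits rather than its own plaintext.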


Dependencies

N/A (not a System Wide Change)


Contingency Plan

Revert the change and rebuild libxcrypt.


Documentation

The version of the libcrypt.so.1 library included with Fedora 30 for POSIX-compatibility has entirely removed the functionality of the encrypt, encrypt_r, setkey, setkey_r, and fcrypt functions, while keeping full binary compatibility with existing (third-party) applications that may still use those functions. If such an application attempts to call one of these functions, the corresponding function will indicate in a POSIX-compliant way that it is not supported by the system.

All existing binary executables linked against glibc's libcrypt should work unmodified with this version of the libcrypt.so.1 library supplied by the libxcrypt-compat package.


Release Notes

See the paragraph about documentation above.