Subject: Re: fork(2) vs. pthread_create() (fwd)
To: Emmanuel Dreyfus <manu@netbsd.org>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-userlevel
Date: 06/11/2004 09:46:23

On Fri, Jun 11, 2004 at 07:24:20AM +0200, Emmanuel Dreyfus wrote:
> Bill Studenmund <wrstuden@netbsd.org> wrote:
>
> > > Fix it and output a warning when a program does that?
> > How can you output a warning? You're in a library. You can't depend on
> > stdout or stderr, and trying to play with syslog seems wrong too.
>
> We are able to output error messages...

From a library? No. You can't.

Sure, the application can output error messages, and it can ask library
routines to output error messages. But if a routine's not documented to
output anything, it can't just sprout an error message.

The crux of the problem is how do you, in the library, know that fd 1 or
fd 2 actually go to stdout or stderr? If you've been told to output
something (say a call to warnx()), it's reasonable to output to fd 2. But
if you're in the middle of some other routine, you can't reasonably assume
stderr. So you shouldn't print error messages.

The fact that libraries sometimes output to stderr is actually a security
issue. Consider a daemon that has hooked something other than stderr to fd
2. If you can trigger the program to call a routine that outputs an error
(and/or you can trigger the conditions of the error), you can get
arbitrary data sent down whatever's hooked to fd2.

Take care,

Bill

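The descriptor reuse described in the last paragraph of the message, next to the usual daemon-side mitigation of pinning fds 0-2 to /dev/null, as an added example that is not part of the original message. `lib_parse`, `sanitize_std_fds` and `leaked_bytes` are hypothetical names, the input string is constructed, and a socketpair stands in for whatever the daemon hooked to fd 2.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical library routine: reports an error on stderr unasked. */
static void lib_parse(const char *input) {
    fprintf(stderr, "lib: bad input: %s\n", input);
}

/* Daemon-side mitigation: make sure fds 0-2 are open, pointing any closed
 * one at /dev/null, so a later open()/socket() can never land on them. */
int sanitize_std_fds(void) {
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                       /* already open */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1) return -1;
        if (nfd != fd) {
            if (dup2(nfd, fd) == -1) return -1;
            close(nfd);
        }
    }
    return 0;
}

/* Returns how many bytes of the library's message reached the peer of the
 * daemon's data socket (a socketpair stands in for a client connection). */
long leaked_bytes(int harden, const char *input) {
    char buf[256];
    int sv[2], saved = dup(STDERR_FILENO);  /* keep real stderr to restore */
    if (saved == -1) return -1;
    close(STDERR_FILENO);                   /* daemon detaches from terminal */
    if (harden && sanitize_std_fds() != 0) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) return -1;
    lib_parse(input);                       /* unhardened: sv[0] is fd 2 */
    long n = recv(sv[1], buf, sizeof buf, MSG_DONTWAIT);
    close(sv[1]);
    if (sv[0] != STDERR_FILENO) close(sv[0]);
    dup2(saved, STDERR_FILENO);             /* put the real stderr back */
    close(saved);
    return n < 0 ? 0 : n;
}

int main(void) {
    printf("unhardened: %ld bytes leaked\n", leaked_bytes(0, "constructed-sample"));
    printf("hardened:   %ld bytes leaked\n", leaked_bytes(1, "constructed-sample"));
    return 0;
}
```

Without the sanitizing step the socket is handed descriptor 2 and the library's message arrives at the peer; with it, fd 2 is /dev/null and the peer sees nothing.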