Subject: Re: fork(2) vs. pthread_create() (fwd)
To: Emmanuel Dreyfus <>
From: Bill Studenmund <>
List: tech-userlevel
Date: 06/11/2004 09:46:23

On Fri, Jun 11, 2004 at 07:24:20AM +0200, Emmanuel Dreyfus wrote:
> Bill Studenmund <> wrote:
> > > Fix it and output a warning when a program does that?
> > How can you output a warning? You're in a library. You can't depend on
> > stdout or stderr, and trying to play with syslog seems wrong too.
> We are able to output error messages...

From a library? No. You can't.

Sure, the application can output error messages, and it can ask library
routines to output error messages. But if a routine's not documented to
output anything, it can't just sprout an error message.

The crux of the problem is how do you, in the library, know that fd 1 or
fd 2 actually go to stdout or stderr? If you've been told to output
something (say a call to warnx()), it's reasonable to output to fd 2. But
if you're in the middle of some other routine, you can't reasonably assume
stderr. So you shouldn't print error messages.

The fact that libraries sometimes output to stderr is actually a security
issue. Consider a daemon that has hooked something other than stderr to fd
2. If you can trigger the program to call a routine that outputs an error
(and/or you can trigger the conditions of the error), you can get
arbitrary data sent down whatever's hooked to fd 2.

Take care,


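The fd 2 situation described in the message, as an added C example that is not part of the original e-mail: a process closes fd 2, its next descriptor lands on that number, and an unprompted library diagnostic reaches the peer unless fds 0..2 are first bound to /dev/null. The names `sanitize_std_fds`, `library_routine`, `bytes_seen_by_peer` and the "libfoo" message are hypothetical, and the socketpair stands in for whatever the daemon hooked up.

```c
#include <fcntl.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind every closed descriptor in 0..2 to /dev/null so a later open() or
 * socket() cannot be handed a "standard" number. open() returns the lowest
 * free descriptor, so filling upward from 0 lands on fd itself. */
int sanitize_std_fds(void)
{
    for (int fd = 0; fd <= 2; fd++)
        if (fcntl(fd, F_GETFD) == -1 && open("/dev/null", O_RDWR) != fd)
            return -1;
    return 0;
}

/* Stand-in for a library routine that prints a diagnostic nobody asked for. */
static const char DIAG[] = "libfoo: unexpected input\n";   /* constructed */
static void library_routine(void)
{
    if (write(2, DIAG, sizeof DIAG - 1) == -1) { /* diagnostic lost */ }
}

/* Model a daemon that closed fd 2 and then set up a connection to a peer (a
 * socketpair here). Returns the number of diagnostic bytes the peer
 * received, or -1 on setup failure. harden != 0 applies the fix first. */
long bytes_seen_by_peer(int harden)
{
    char buf[128];
    int sv[2];
    if (sanitize_std_fds() == -1)             /* known start: 0..2 all open */
        return -1;
    int saved = fcntl(2, F_DUPFD, 10);        /* park the real stderr at >= 10 */
    if (saved == -1)
        return -1;
    close(2);                                 /* daemon detaches from stderr */
    if (harden)
        sanitize_std_fds();                   /* fd 2 now points at /dev/null */
    long seen = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == 0) {
        int peer = (sv[0] == 2) ? sv[1] : sv[0];
        library_routine();
        ssize_t n = recv(peer, buf, sizeof buf, MSG_DONTWAIT);
        seen = n > 0 ? (long)n : 0;           /* EAGAIN: nothing arrived */
        close(sv[0]);
        close(sv[1]);
    }
    dup2(saved, 2);                           /* restore stderr for the caller */
    close(saved);
    return seen;
}
```

Without the /dev/null binding the peer receives the whole diagnostic; with it, the peer receives nothing.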