Subject: Re: fork(2) vs. pthread_create() (fwd)
To: Emmanuel Dreyfus <firstname.lastname@example.org>
From: Bill Studenmund <email@example.com>
Date: 06/11/2004 09:46:23
Content-Type: text/plain; charset=us-ascii
On Fri, Jun 11, 2004 at 07:24:20AM +0200, Emmanuel Dreyfus wrote:
> Bill Studenmund <firstname.lastname@example.org> wrote:
> > > Fix it and output a warning when a program does that?=20
> > How can you output a warning? You're in a library. You can't depend on
> > stdout or stderr, and trying to play with syslog seems wrong too.
> We are able to output error messages...
=46rom a library? No. You can't.
Sure, the application can output error messages, and it can ask library=20
routines to output error messages. But if a routine's not documented to=20
output anything, it can't just sprout an error message.
The crux of the problem is how do you, in the library, know that fd 1 or=20
fd 2 actually go to stdout or stderr? If you've been told to output=20
something (say a call to warnx()), it's reasonable to output to fd 2. But=
if you're in the middle of some other routine, you can't reasonably assume=
stderr. So you shouldn't print error messages.
The fact that libraries sometimes output to stderr is actually a security=
issue. Consider a daemon that has hooked something other than stderr to fd=
2. If you can trigger the program to call a routine that outputs an error=
(and/or you can trigger the conditions of the error), you can get=20
arbitrary data send down whatever's hooked to fd2.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)
-----END PGP SIGNATURE-----