Subject: Re: error function re-factoring.
To: Roland Illig <rillig@NetBSD.org>
From: Iain Hibbert <email@example.com>
Date: 07/29/2006 12:51:53
On Sat, 29 Jul 2006, Roland Illig wrote:
> Matthias Drochner wrote:
> > Whether error messages are printed or not... not
> > sure what is right. But if error messages are printed,
> > they should not contain the strings passed by the user
> > as they could contain escape sequences or sensitive
> > information.
> Would that mean that _all_ NetBSD utilities, even cat(1), would have to be
> rewritten to never output control characters when that is not expected? What
> would be the correct error message if a file whose name contains special
> characters cannot be found?
no, its the difference between
err(EXIT_FAILURE, *argv); /* bad */
err(EXIT_FAILURE, "%s", *argv); /* good */
as the first could possibly cause the program to print private data
pointed to from the stack.