Re: inetd(8): continue or exit on error?

[tlaronde%polynum.com@localhost]

Le Mon, May 29, 2023 at 09:03:07AM -0000, Michael van Elst a écrit :
> tlaronde%polynum.com@localhost writes:
> 
> >It seems to me, since these are services, that the failure to load a
> >config is critical enough (since the server may be then servicing what
> >was not intended to be serviced; the reverse is less problematic)
> >to exit at least on this error.
> 
> inetd will service what is configured. Skipping an unparsable directive
> may have unwanted side effects, but so will a syntactically correct but
> otherwise wrong directive.
> 
> The impact of not providing some services in case of a syntax error
> can easily be as problematic or dangerous as a wrongly configured service
> that the parser is unable to detect.
> 
> If you want to protect against bad configurations, you could separate
> each service, e.g. chose a syntax without side effects or even use
> a config file per service.

We can not achieve "semantical" correctness: be able to "understand"
what the user wanted to do. But, at least, if a config file is not
reachable or if a directive is unparsable, there is obviously something
wrong.

If inetd is not running, if the administrator doesn't look at the logs,
he will very probably be reachable by phone or by email, and users will
be sure telling him that something is wrong...

At least, wouldn't it be worth to add a flag simply to parse and
validate the syntax without running the daemon?

And some log messages are problematic too:

DPRINTCONF("Syntax error; Exiting '%s'", CONFIG);

while it never exits: the function returns an invalid status code, and
the process goes on...
-- 
        Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
                     http://www.kergis.com/
                    http://kertex.kergis.com/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89  250D 52B1 AE95 6006 F40C