[musl] Re: Tweaking the program name for <err.h> functions
Alejandro Colomar
alx at kernel.org
Mon Mar 11 00:46:44 UTC 2024
Hi Thorsten,
On Mon, Mar 11, 2024 at 12:19:27AM +0000, Thorsten Glaser wrote:
> Rich Felker dixit:
>
> >the string literal, because the string literal appears in modular
> >library code that gets called from multiple utilities, then printing
> >an error message (and even worse, exiting, if you do that too), rather
> >than returning meaningful error information up to the caller for it to
> >handle/display, is just really sloppy, low-quality programming.
>
> Libraries totally should not call exit and thus not err/errx,
> and warn/warnx is… also questionable at best.
>
> But modularised code that builds a shared object and a few
> binaries using it? Why not.
>
> The thing I don’t get is why changing __progname is desired,
> but I guess everyone has use cases for something.
setuid programs. Consider that a setuid program accidentally opens a
privileged file in fd 2. Now what happens if a random user can trigger
that accident, and write arbitrary text to a privileged file, just by
calling that setuid program with execlp("su", "inject this stuff", ...)?
Bad stuff.
Have a lovely night!
Alex
>
> bye,
> //mirabilos
> --
> (gnutls can also be used, but if you are compiling lynx for your own use,
> there is no reason to consider using that package)
> -- Thomas E. Dickey on the Lynx mailing list, about OpenSSL
--
<https://www.alejandro-colomar.es/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/libbsd/attachments/20240311/11814745/attachment.sig>
More information about the libbsd
mailing list