[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bug in openlog()
From: |
Christopher Allen Wing |
Subject: |
Re: bug in openlog() |
Date: |
Wed, 9 Jan 2002 14:54:31 -0500 (EST) |
Axel:
> On Friday 21 December 2001 23:19, Ulrich Drepper wrote:
> > Of course it can hurt. ?Somebody might depend on this behavior. ?It's
> > just like putenv(), the user can change the string afterwards.
>
> If they depend on this behavior. aren't they doing something wrong?
openlog() has a bad quirk, but unfortunately it is a standardized quirk,
because everybody used the same code from BSD.
> I might be wrong but it's just like depending like with"c = a() + b();" that
> a is called before b. 99% of the times it will be this case but not always,
> and if future revisions break your exception it's your fault.
That would be my attitude if it was up to me, but I am not in charge of
glibc. I guess the best thing to do would be to come up with a better
logging interface that fixes the other more serious problems with syslog:
- syslog isn't reliable
- syslog isn't secure
- et cetera
> Imagine folliwing use of openlog
>
> void my_open()
> {
> char myname[100];
> snprintf(myname, 100, "%s%d%s", borc, corc, dorc);
> openlog(myname, LOG_PID, LOG_DAEMON);
> }
>
> Is it commonly known / obvious that this will result in a crash? (myname
> gets invalid when leaving the function).
I don't know how many people are aware of this. It isn't documented
anywhere that I know of on Linux, HP-UX, or Solaris.
Here is my proposed documentation patch to the glibc info documents to
make this explicit:
http://www.engin.umich.edu/caen/systems/Linux/code/patches/glibc-2.2.4-manual.patch
glibc people, is this patch okay?
Thanks,
Chris Wing
address@hidden