Re: dropping setuid/setgid privileges

From: Bruno Haible
Subject: Re: dropping setuid/setgid privileges
Date: Tue, 9 Jun 2009 02:19:35 +0200
User-agent: KMail/1.9.9

Sam Steingold wrote:
> While I understand your reasons for using abort() instead of returning
> an error code,

abort() is being used when the code has a bug. abort() causes a core dump,
so that fellow developers can analyze and report the bug.

> The generous usage of abort() in these modules makes them unusable for CLISP.

You are free to modify the module locally, by use of a .diff file and of
gnulib-tool's --local-dir option.

> I do not think it is right for CLISP to die without a useful message.

You can substitute a call to error_notreached instead of abort.

> I urge you to avoid abort in favor of returning an error code and
> document that aborting on certain errors is the right behavior.

If I did this, the risk that a bug does not get reported would be too
high. For the average user, abort() is acceptable. (Note the module
is not suitable for use in libraries.)
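
The distinction argued in this thread, as an added C example that is not gnulib's code nor either poster's: a refused system call is returned to the caller as an error, while a violated post-condition (a bug) goes through a replaceable hook that defaults to abort(). The names drop_privileges_permanently and PRIV_BUG are hypothetical, and the example assumes a POSIX system where setregid()/setreuid() also reset the saved IDs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical hook for "cannot happen" states.  The default dumps core;
   an embedding program can define PRIV_BUG first to print its own message. */
#ifndef PRIV_BUG
# define PRIV_BUG() abort()
#endif

/* Permanently drop setuid/setgid privileges to the real IDs.
   Returns 0 on success, or -1 with errno set when the kernel refuses:
   a runtime condition that the caller is expected to handle. */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: once the uid is unprivileged, changing the gid
       may no longer be permitted. */
    if (setregid(rgid, rgid) != 0)
        return -1;
    if (setreuid(ruid, ruid) != 0)
        return -1;

    /* Post-conditions.  Both calls reported success, so a mismatch here
       is a logic or portability bug, not an error to hand back. */
    if (geteuid() != ruid || getegid() != rgid)
        PRIV_BUG();
    if (ruid != 0) {  /* root could always switch back, so skip the probe */
        if (old_euid != ruid && setuid(old_euid) == 0)
            PRIV_BUG();   /* old effective uid was still reachable */
        if (old_egid != rgid && setegid(old_egid) == 0)
            PRIV_BUG();   /* old effective gid was still reachable */
    }
    return 0;
}

int main(void)
{
    if (drop_privileges_permanently() != 0) {
        perror("cannot drop privileges");
        return EXIT_FAILURE;   /* never continue with elevated IDs */
    }
    printf("uid=%ld euid=%ld gid=%ld egid=%ld\n", (long) getuid(),
           (long) geteuid(), (long) getgid(), (long) getegid());
    return EXIT_SUCCESS;
}
```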


