From ametzler at downhill.at.eu.org Sat Mar 3 11:10:31 2007
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Sat, 3 Mar 2007 11:10:31 +0100
Subject: Is invoking exit(2) in a library the right thing to do?
Message-ID: <20070303101030.GB3852@downhill.g.la>

Hej,

currently log_fatal() ends up invoking exit(2). Is this really the right
thing to do? It does not give applications using libgcrypt any chance to
sanely handle fatal errors, afaiui, for example by falling back on
non-TLS mode.

http://bugs.debian.org/412328

thanks, cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'


From Moritz.Schulte at ruhr-uni-bochum.de Sat Mar 3 11:22:05 2007
From: Moritz.Schulte at ruhr-uni-bochum.de (Moritz Schulte)
Date: Sat, 03 Mar 2007 11:22:05 +0100
Subject: Is invoking exit(2) in a library the right thing to do?
In-Reply-To: <20070303101030.GB3852@downhill.g.la>
References: <20070303101030.GB3852@downhill.g.la>
Message-ID: <1172917325.15304.10.camel@localhost.localdomain>

> currently log_fatal() ends up invoking exit(2). Is this really the
> right thing to do? It does not give applications using libgcrypt any
> chance to sanely handle fatal errors afaiui, for example by falling
> back on non-tls mode.

Hmm. The reason for exit is probably that log_fatal should NEVER be
called unless something is REALLY fucked up. Especially in crypto
applications it might be the best thing to do, since a serious bug in
the library (or in the program) should not be treated like "oh, well,
that crypto feature is currently not available", but rather like
"STOP!".

My guess.

Moritz


From wk at gnupg.org Sun Mar 4 21:57:49 2007
From: wk at gnupg.org (Werner Koch)
Date: Sun, 04 Mar 2007 21:57:49 +0100
Subject: Is invoking exit(2) in a library the right thing to do?
In-Reply-To: <20070303101030.GB3852@downhill.g.la> (Andreas Metzler's message of "Sat, 3 Mar 2007 11:10:31 +0100")
References: <20070303101030.GB3852@downhill.g.la>
Message-ID: <87hct0iv5e.fsf@wheatstone.g10code.de>

On Sat, 3 Mar 2007 11:10, ametzler at downhill.at.eu.org said:

> currently log_fatal() ends up invoking exit(2). Is this really the
> right thing to do? It does not give applications using libgcrypt any

Yes. It allows applications to run an atexit handler. Libgcrypt even
allows registering a dedicated handler: gcry_set_fatalerror_handler.

In any case the process needs to terminate, as there is a fatal error
and something is going really wrong. Allowing a process to continue is
not a good idea because it allows bugs to lurk around for years without
being fixed. Such a bug is an indicator that something more severe might
have gone wrong.

Shalom-Salam,

   Werner


From ametzler at downhill.at.eu.org Mon Mar 5 19:40:06 2007
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Mon, 5 Mar 2007 19:40:06 +0100
Subject: Is invoking exit(2) in a library the right thing to do?
In-Reply-To: <87hct0iv5e.fsf@wheatstone.g10code.de>
References: <20070225204918.GA20260@bongo.bofh.it> <87hct0iv5e.fsf@wheatstone.g10code.de>
Message-ID: <20070305184006.GC3756@downhill.g.la>

On 2007-03-04 Werner Koch wrote:
> On Sat, 3 Mar 2007 11:10, ametzler at downhill.at.eu.org said:
> > currently log_fatal() ends up invoking exit(2). Is this really the
> > right thing to do? It does not give applications using libgcrypt any

> Yes. It allows application to run an atexit handler. Libgcrypt even
> allows to register a dedicated handler: gcry_set_fatalerror_handler.

> In any case the process needs to terminate as their is a fatal error
> and something is going really wrong. Allow a process to continue is
> not a good idea because it allows bugs to lurk around for years
> without fixing. Such a bug is an indicator that something more severe
> might have gone wrong.

Hmm, in this specific case (libnss-ldap failing due to missing
/dev/(u)random devices in early boot when connecting to the LDAP server
using an SSL-protected session) the only thing actually using gcrypt
directly is GnuTLS. Should GnuTLS have set up an error handler using
gcry_set_fatalerror_handler?

cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
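The handler mechanism Werner points to, as an added example that is neither part of this thread nor libgcrypt's own code: a dependency-free C model of a library fatal path with a registrable handler, written in the shape of gcry_set_fatalerror_handler (the function, type and struct names here are hypothetical, and the sample error message is constructed). It shows that the process terminates either way; the handler only lets the application record context and pick its own exit status, and run_fatal_in_child exercises both paths in a forked child.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>
/* Handler shape modelled on libgcrypt's: opaque data, error code, text.
 * Every name in this file is hypothetical, not libgcrypt's own API. */
typedef void (*fatalerror_handler_t)(void *opaque, int errcode, const char *text);
static fatalerror_handler_t fatal_handler;   /* NULL until the app registers one */
static void *fatal_handler_data;
/* Library side: register an application handler; returns the previous one. */
fatalerror_handler_t lib_set_fatalerror_handler(fatalerror_handler_t fn, void *opaque) {
    fatalerror_handler_t old = fatal_handler;
    fatal_handler = fn;
    fatal_handler_data = opaque;
    return old;
}
/* Library side: never returns. A registered handler is expected to end the
 * process; with none, or if it returns, exit(2) does so (atexit handlers run). */
void lib_log_fatal(int errcode, const char *text) {
    if (fatal_handler)
        fatal_handler(fatal_handler_data, errcode, text);
    else
        fprintf(stderr, "library fatal error %d: %s\n", errcode, text);
    exit(2);
}
/* Application side: log what an operator needs, flush stdio, then exit with
 * the app's own status. No fallback to a non-crypto mode: library state is unknown. */
struct app_ctx { const char *name; int exit_status; };
static void app_fatal_handler(void *opaque, int errcode, const char *text) {
    struct app_ctx *ctx = opaque;
    fprintf(stderr, "%s: crypto library fatal error %d (%s), shutting down\n",
            ctx->name, errcode, text);
    fflush(NULL);
    _exit(ctx->exit_status);
}
/* Trigger the fatal path in a forked child and report how the child ended:
 * its exit status, or -1 if a signal killed it. */
int run_fatal_in_child(int with_handler) {
    struct app_ctx ctx = { "myapp", 3 };
    int status;
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) {
        if (with_handler) lib_set_fatalerror_handler(app_fatal_handler, &ctx);
        lib_log_fatal(42, "no entropy source available (constructed message)");
    }
    if (waitpid(pid, &status, 0) < 0) return -2;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The example needs only POSIX fork/waitpid; the default path ends the child with status 2, the handler path with the application's chosen status 3.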