Re: [exim-dev] Why does tls_dropprivs_validate_require_ciphe…

Author: Phil Pennock
Date:
To: Michael Haardt
CC: exim-dev, jgh
Subject: Re: [exim-dev] Why does tls_dropprivs_validate_require_cipher() call fflush(NULL)?
On 2012-12-14 at 21:22 +0100, Michael Haardt wrote:
> > It's "flush all stdio streams which might have buffered data", which
> > seems appropriate before a security boundary transition.
>
> I know what it does, but why is it needed? Which stdio files are open at
> that time? If we don't know, how can we be sure that their descriptors
> should be inherited?


Actually, I mis-spoke: it was because of the fork(). C code I write
always does a fflush(NULL) before a fork(), to ensure that content
doesn't get doubled. I think I picked this habit up from a W. Richard
Stevens book (not sure, it's been too many years). It's that, more than
anything about any particular I/O stream.

Looking briefly at the codepaths, it looks like some logs going to
stderr may be in buffers at the point of the fork. I don't have time to
investigate further at this point.

Seriously, much as I'd be happy to see Sun4 compatibility restored[*], if
ANSI C stdio is to be avoided at this level, we may be in the territory
of "patches needed to build".

Regards,
-Phil

[*] My first serious Unix usage was SunOS 4, I have a soft spot in my
    heart for it.  But I can be a callous b'stard if needed.