[Bug libc/13983] __libc_message() shouldn't blindly write to STDERR_FILENO

["bugdal at aerifal dot cx" <sourceware-bugzilla at sourceware dot org>]

http://sourceware.org/bugzilla/show_bug.cgi?id=13983

Rich Felker <bugdal at aerifal dot cx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bugdal at aerifal dot cx

--- Comment #4 from Rich Felker <bugdal at aerifal dot cx> 2012-04-16 04:55:59 UTC ---
Personally, I would flag this INVALID. The only times __libc_message message
are called are when the calling program has already invoked undefined behavior,
so there is no question of whether this violating requirements of POSIX; once
you invoke UB, POSIX has nothing more to say.

With that said, there is some security argument to be made for avoiding
potentially-dangerous writes. However, I think it's mostly nullified by the
stupidity of closing fd 2. The correct way to suppress stderr is to open
/dev/null and dup2 it onto fd 2. If you close any of the standard file
descriptors, it's your responsibility to make sure that no further file
descriptors are created, or if they are, that no functions that would perform
io on the new file descriptor expecting it to be one of the standard streams
can be called.

Note that isatty is not sufficient to avoid clobbering unrelated data; there
are plenty of non-interactive (even non-tty-like) uses for ptys, and one could
envision uses where erroneously writing text directed for stderr into them
could be very destructive.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.