Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20150304205458.GA14554@wilbur.25thandClement.com>
Date: Wed, 4 Mar 2015 12:54:58 -0800
From: William Ahern <william@...handClement.com>
To: musl@...ts.openwall.com
Subject: MUSL Feature Detection

I'm familiar with the policy that MUSL is not interested in adding version
macros, etc. I mostly agree with the policy, however there are some corner
cases where it's problematic.

I maintain a Lua bindings library to Unix APIs

	http://25thandclement.com/~william/projects/lunix.html

Unlike the most commonly used module, luaposix, my module tries to be as
thread-safe as possible. (It also supports "portable" but non-POSIX
interfaces.) That means using all the re-entrant versions of functions if
available. But some functions don't have re-entrant versions, such as
strsignal. In those cases I try to synthesize a safe version if possible and
practical, such as using sys_siglist if available.

Knowing whether an interface is thread-safe requires me inspecting the code
and basically documenting my findings inside the source code with
conditionals. I could _also_ do run-time checks, but that's more susceptible
to false negatives, and so I think it would only make sense to do that as a
back-stop. (Compile-time checks won't work for cross-compiling).

The vast majority of people don't pay attention to obscure thread-safety
issues, especially because the most popular platforms like Linux/glibc and
Solaris do a pretty decent job of implementing APIs in a thread-safe manner
(e.g. getenv, strsignal). This lack of interest is especially true in the
context of a library, and doubly so of a scripting module, where people just
assume the mode and the dependencies do the right thing, assuming they
bother worrying about it in the first place.

So you can see I'm stuck between a rock and a hard place. MUSL is probably
safe in most regards. It doesn't even do localization, so strsignal is safe.
But I have no easy way to _know_ that I'm building against MUSL without the
person compiling the module knowingly and explicitly changing the build
configuration.

So, is there any sort of sanctioned way to detect MUSL at all, version or no
version? Is there any interest in supporting any kind of feature detection,
such as an API that communicates implementation choices wrt unspecified and
undefined behavior.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.