Auditing code

2009-10-12 Thread Matt Fisher
I'd like to start auditing code for a few classes of defects. Would the
bugs list be the correct place to submit a pile of diffs?

The defect classes I'm looking at are gleaned from Ian Darwin and Geoff
Collyer's 1985 USENIX paper, Can't Happen [1]. BSD 4.2 took a beating
almost 25 years ago; OpenBSD still has some room for improvement.

Two examples:

- Check that input files aren't directories; indent doesn't check, and
  auditing would be an excuse to get my eyeballs on more code.

- Handle signals correctly, e.g.,

/* catch interrupts iff not ignoring them */
if (signal(SIGINT, SIG_IGN) != SIG_IGN)
        (void) signal(SIGINT, onintr);

That last guideline seems to be honored in the breach, so I wonder if
it's become obsolete.

Thanks.

[1] http://www.literateprogramming.com/canthappen.pdf

-- 
Matt Fisher mfisher...@maine.rr.com



Re: Auditing code

2009-10-12 Thread Theo de Raadt
> I'd like to start auditing code for a few classes of defects. Would the
> bugs list be the correct place to submit a pile of diffs?

Just mail the people who last worked on the code, and if that does not
work, feel free to mail me and I will tell you who to talk to. 

> The defect classes I'm looking at are gleaned from Ian Darwin and Geoff
> Collyer's 1985 USENIX paper, Can't Happen [1]. BSD 4.2 took a beating
> almost 25 years ago; OpenBSD still has some room for improvement.

I think you are wrong.

> Two examples:
> 
> - Check that input files aren't directories; indent doesn't check, and
>   auditing would be an excuse to get my eyeballs on more code.

The kernel handles that.

% indent dir
indent: dir: Is a directory

> - Handle signals correctly, e.g.,
> 
> /* catch interrupts iff not ignoring them */
> if (signal(SIGINT, SIG_IGN) != SIG_IGN)
>         (void) signal(SIGINT, onintr);

I assume you are talking about resetting the signals when they are caught.
That is not required in BSD unix.

Unix has not stayed the same.  It seems that paper was written according
to ancient Unix.
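The two signal points raised in this thread, Matt's "catch interrupts iff not ignoring them" idiom and Theo's remark that BSD does not require re-arming a handler after delivery, can be shown in one short program. This is an added example, not code from either poster or from the OpenBSD tree; `demo_install` and `count_self_sigints` are helpers constructed for the demonstration, and the inherited SIG_IGN state is simulated in-process rather than coming from a real nohup or background shell.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Set by the handler; sig_atomic_t is the only type safe to touch there. */
static volatile sig_atomic_t interrupted;

static void onintr(int sig)
{
	(void)sig;
	interrupted = 1;
	/* Ancient (unreliable) Unix reset the disposition to SIG_DFL on
	 * delivery, so a handler had to re-arm itself here with
	 * signal(SIGINT, onintr). BSD/POSIX sigaction keeps the handler
	 * installed unless SA_RESETHAND is requested, so nothing to do. */
}

/*
 * The "catch interrupts iff not ignoring them" idiom, written with
 * sigaction: query the inherited disposition without changing it and
 * only install onintr if the parent (nohup, a shell running us in the
 * background) did not already ignore SIGINT.
 * Returns 1 if the handler was installed, 0 if SIGINT stays ignored,
 * -1 on error.
 */
int catch_sigint_unless_ignored(void)
{
	struct sigaction sa, old;

	if (sigaction(SIGINT, NULL, &old) == -1)
		return -1;
	if (old.sa_handler == SIG_IGN)
		return 0;
	memset(&sa, 0, sizeof sa);
	sa.sa_handler = onintr;
	sigemptyset(&sa.sa_mask);
	sa.sa_flags = 0;	/* no SA_RESETHAND: handler persists */
	if (sigaction(SIGINT, &sa, NULL) == -1)
		return -1;
	return 1;
}

/*
 * Constructed helper: put SIGINT into one of the two states a program
 * can inherit (ignored or default) and report what the idiom decided.
 */
int demo_install(int inherited_ignored)
{
	if (signal(SIGINT, inherited_ignored ? SIG_IGN : SIG_DFL) == SIG_ERR)
		return -1;
	return catch_sigint_unless_ignored();
}

/*
 * Constructed helper: deliver SIGINT to ourselves n times and count
 * handler runs. With reliable signals every delivery reaches onintr;
 * under the old reset-to-default semantics the second raise() would
 * have terminated the process.
 */
int count_self_sigints(int n)
{
	sigset_t set;
	int hits = 0, i;

	if (demo_install(0) != 1)
		return -1;
	/* Make sure an inherited mask does not leave SIGINT pending. */
	sigemptyset(&set);
	sigaddset(&set, SIGINT);
	if (sigprocmask(SIG_UNBLOCK, &set, NULL) == -1)
		return -1;
	for (i = 0; i < n; i++) {
		interrupted = 0;
		if (raise(SIGINT) != 0)
			return -1;
		if (interrupted)
			hits++;
	}
	return hits;
}

int main(void)
{
	printf("inherited SIG_IGN -> installed? %d\n", demo_install(1));
	printf("inherited SIG_DFL -> installed? %d\n", demo_install(0));
	printf("handler ran %d of 3 times\n", count_self_sigints(3));
	return 0;
}
```

The query-then-install form avoids the window in Matt's two-call version where SIGINT is briefly ignored between the probe and the real `signal()` call, and the persistent handler is what makes the re-arming step from the 1985 paper unnecessary on BSD.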