Re: Pledge error handling

2016-04-15 Thread Theo de Raadt 
>I noticed there are (at least 2) diferent ways to handle a pledge error (eg=
>: /usr/src/usr.bin/):
>If (pledge(args, NULL) =3D=3D -1)
>. err(1, "pledge"); (wc; w; ..)
>. perror("pledge"); exit(EXIT_CODE); (vi; openssl; ...)
>
>I am not familiar with the case of use of each function but perror + exit i=
>snt the same as err ?
>Can we use just one function (either error or perror) to handle pledge
>I've also seen the use of fatal(...) I guess this might be another mechanis=
>m which is useful.

We use the style of the existing code.

Re: Pledge error handling

2016-04-03 Thread Héctor Luis Gimbatti 
For the specific case of openssl:
It uses perror with only one exception for which I include a diff below.
It would be no hard to replace each perror(str) + exit(1) by err(1, str)
I don’t know which is better

Cheers

Index: openssl.c
===
RCS file: /cvs/src/usr.bin/openssl/openssl.c,v
retrieving revision 1.23
diff -u -p -r1.23 openssl.c
--- openssl.c   1 Dec 2015 12:01:56 -   1.23
+++ openssl.c   4 Apr 2016 03:16:08 -
@@ -439,7 +439,7 @@ main(int argc, char **argv)
arg.count = 0;

if (pledge("stdio inet dns rpath wpath cpath proc flock tty", NULL) == 
-1) {
-   fprintf(stderr, "openssl: pledge: %s\n", strerror(errno));
+   perror("pledge");
exit(1);
}

Re: Pledge error handling

2016-04-03 Thread Michael McConville 
Héctor Luis Gimbatti wrote:
> I noticed there are (at least 2) diferent ways to handle a pledge
> error (eg: /usr/src/usr.bin/):
> 
> If (pledge(args, NULL) == -1)
> . err(1, "pledge"); (wc; w; ..)
> . perror("pledge"); exit(EXIT_CODE); (vi; openssl; ...)
> 
> I am not familiar with the case of use of each function but perror +
> exit isnt the same as err ? Can we use just one function (either error
> or perror) to handle pledge
> 
> I've also seen the use of fatal(...) I guess this might be another
> mechanism which is useful.

Some of these are meant to conform to the style conventions of codebases
that are otherwise only imported (not developed by OpenBSD). For cases
like Open^WLibreSSL and Libre^WOpenSSH, though, patches are welcome.
There was a thread about this a few months ago. IIRC, doug@ and djm@
pointed out that all such codebases' compat files define common err.h
functions, and that those functions are nicer looking.

Pledge error handling

2016-04-03 Thread Héctor Luis Gimbatti 
Greetings,

I noticed there are (at least 2) diferent ways to handle a pledge error (eg: 
/usr/src/usr.bin/):
If (pledge(args, NULL) == -1)
. err(1, "pledge"); (wc; w; ..)
. perror("pledge"); exit(EXIT_CODE); (vi; openssl; ...)

I am not familiar with the case of use of each function but perror + exit isnt 
the same as err ?
Can we use just one function (either error or perror) to handle pledge
I've also seen the use of fatal(...) I guess this might be another mechanism 
which is useful.

Cheers
--- HLG