Re: openssl(1) not error exiting on full file system

2017-08-11 Thread Craig Skinner
Ping:

On Tue, 11 Apr 2017 11:28:38 +0100 Craig Skinner wrote:
> Hi again,
> 
> On 2017-04-10 Mon 14:31 PM |, Craig Skinner wrote:
> > On Mon, 10 Apr 2017 12:46:03 +0100 Craig Skinner wrote:
> > > $ openssl enc -bf -salt \
> > >   -pass file:/etc/myname -in /bsd \
> > >   -out /altroot/tmp/bsd.crypto
> > > 
> > > /altroot: write failed, file system is full
> > > $ print $?
> > > 0
> > 
> 
> openssl error exits for other output file creation problems:
> 

...
..


http://marc.info/?l=openbsd-tech=149190654818169
http://marc.info/?t=14918248523



Re: openssl(1) not error exiting on full file system

2017-04-11 Thread Ingo Schwarze
Hi Theo,

Theo de Raadt wrote on Tue, Apr 11, 2017 at 08:13:24AM -0600:

> Sure.. or, make some comments about it being highly non-portable.
> It isn't even really a BSD'ism.  The idea is a flop.  I wonder if
> it was an attempt to pull a VMS idea.

Here is a stronger version.
I like that even better than the first one.
It also gets rid of the filler words noticed by Franco.

OK?
  Ingo


Index: sysexits.3
===
RCS file: /cvs/src/share/man/man3/sysexits.3,v
retrieving revision 1.12
diff -u -r1.12 sysexits.3
--- sysexits.3  30 Dec 2015 16:41:52 -  1.12
+++ sysexits.3  11 Apr 2017 14:26:56 -
@@ -37,10 +37,10 @@
 .Sh SYNOPSIS
 .In sysexits.h
 .Sh DESCRIPTION
-Some programs use defined error codes to distinguish between possible errors.
-However, most programs in
-.Ox
-do not.
+A few programs exit with the following obsolete, non-portable error
+codes that were invented for legacy
+.Sy sendmail .
+Do not use them.
 .Pp
 The successful exit is always indicated by a status of 0, or
 .Dv EX_OK .



Re: openssl(1) not error exiting on full file system

2017-04-11 Thread Franco Fichtner

> On 11. Apr 2017, at 4:09 PM, Ingo Schwarze  wrote:
> 
> Index: sysexits.3
> ===
> RCS file: /cvs/src/share/man/man3/sysexits.3,v
> retrieving revision 1.12
> diff -u -r1.12 sysexits.3
> --- sysexits.330 Dec 2015 16:41:52 -  1.12
> +++ sysexits.311 Apr 2017 14:06:19 -
> @@ -40,7 +40,7 @@
> Some programs use defined error codes to distinguish between possible errors.
> However, most programs in
> .Ox
> -do not.
> +do not, and using these codes in additional programs is not recommended.
> .Pp
> The successful exit is always indicated by a status of 0, or
> .Dv EX_OK .

Why not drop trivia from the file instead?  "Some programs", "however",
"most programs", ".Ox", "additional programs".  ;)


Re: openssl(1) not error exiting on full file system

2017-04-11 Thread Theo de Raadt
Sure.. or, make some comments about it being highly non-portable.

It isn't even really a BSD'ism.  The idea is a flop.  I wonder if
it was an attempt to pull a VMS idea.

> I'd like to make that plainer.  It isn't the first time people
> waste time reading sysexits(3) and arguing about it.
> 
> OK?
>   Ingo
> 
> 
> Index: sysexits.3
> ===
> RCS file: /cvs/src/share/man/man3/sysexits.3,v
> retrieving revision 1.12
> diff -u -r1.12 sysexits.3
> --- sysexits.330 Dec 2015 16:41:52 -  1.12
> +++ sysexits.311 Apr 2017 14:06:19 -
> @@ -40,7 +40,7 @@
>  Some programs use defined error codes to distinguish between possible errors.
>  However, most programs in
>  .Ox
> -do not.
> +do not, and using these codes in additional programs is not recommended.
>  .Pp
>  The successful exit is always indicated by a status of 0, or
>  .Dv EX_OK .

1



Re: openssl(1) not error exiting on full file system

2017-04-11 Thread Ingo Schwarze
Hi,

Theo de Raadt wrote on Tue, Apr 11, 2017 at 07:08:30AM -0600:

> sysexits.h is a thing that came from sendmail, and only a few things
> use it.  Further use isn't encouraged.

I'd like to make that plainer.  It isn't the first time people
waste time reading sysexits(3) and arguing about it.

OK?
  Ingo


Index: sysexits.3
===
RCS file: /cvs/src/share/man/man3/sysexits.3,v
retrieving revision 1.12
diff -u -r1.12 sysexits.3
--- sysexits.3  30 Dec 2015 16:41:52 -  1.12
+++ sysexits.3  11 Apr 2017 14:06:19 -
@@ -40,7 +40,7 @@
 Some programs use defined error codes to distinguish between possible errors.
 However, most programs in
 .Ox
-do not.
+do not, and using these codes in additional programs is not recommended.
 .Pp
 The successful exit is always indicated by a status of 0, or
 .Dv EX_OK .



Re: openssl(1) not error exiting on full file system

2017-04-11 Thread Theo de Raadt
> On 2017-04-10 Mon 14:31 PM |, Craig Skinner wrote:
> > On Mon, 10 Apr 2017 12:46:03 +0100 Craig Skinner wrote:
> > > $ openssl enc -bf -salt \
> > >   -pass file:/etc/myname -in /bsd \
> > >   -out /altroot/tmp/bsd.crypto
> > > 
> > > /altroot: write failed, file system is full
> > > $ print $?
> > > 0
> > 
> 
> openssl error exits for other output file creation problems:
> 
> $ openssl bf -pass file:/etc/myname -in /bsd -out 
> /var/empty/bsd.crypto
> /var/empty/bsd.crypto: Permission denied
> 2133286928:error:0200100D:system library:fopen:Permission 
> denied:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:255:fopen('/var/empty/bsd.crypto',
>  'w')
> 2133286928:error:20074002:BIO routines:FILE_CTRL:system 
> lib:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:257:
> $ print $?
> 1
> $ openssl bf -pass file:/etc/myname -in /bsd -out 
> /no/where/bsd.crypto
> /no/where/bsd.crypto: No such file or directory
> 2216844688:error:02001002:system library:fopen:No such file or 
> directory:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:255:fopen('/no/where/bsd.crypto',
>  'w')
> 2216844688:error:20074002:BIO routines:FILE_CTRL:system 
> lib:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:257:
> $ print $?
> 1
> 
> > 
> > Would 74 from sysexits.h be the code to return?:
> > EX_IOERR -- An error occurred while doing I/O on some file.
> > 
> 
> Perhaps this is more relevant:
> 
> EX_CANTCREAT -- A (user specified) output file cannot be created.

sysexits.h is a thing that came from sendmail, and only a few things
use it.  Further use isn't encouraged.

Most tools exit upon error without providing a refined error code.



Re: openssl(1) not error exiting on full file system

2017-04-11 Thread Craig Skinner
Hi again,

On 2017-04-10 Mon 14:31 PM |, Craig Skinner wrote:
> On Mon, 10 Apr 2017 12:46:03 +0100 Craig Skinner wrote:
> > $ openssl enc -bf -salt \
> > -pass file:/etc/myname -in /bsd \
> > -out /altroot/tmp/bsd.crypto
> > 
> > /altroot: write failed, file system is full
> > $ print $?
> > 0
> 

openssl error exits for other output file creation problems:

$ openssl bf -pass file:/etc/myname -in /bsd -out 
/var/empty/bsd.crypto
/var/empty/bsd.crypto: Permission denied
2133286928:error:0200100D:system library:fopen:Permission 
denied:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:255:fopen('/var/empty/bsd.crypto',
 'w')
2133286928:error:20074002:BIO routines:FILE_CTRL:system 
lib:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:257:
$ print $?
1
$ openssl bf -pass file:/etc/myname -in /bsd -out 
/no/where/bsd.crypto
/no/where/bsd.crypto: No such file or directory
2216844688:error:02001002:system library:fopen:No such file or 
directory:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:255:fopen('/no/where/bsd.crypto',
 'w')
2216844688:error:20074002:BIO routines:FILE_CTRL:system 
lib:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:257:
$ print $?
1

> 
> Would 74 from sysexits.h be the code to return?:
> EX_IOERR -- An error occurred while doing I/O on some file.
> 

Perhaps this is more relevant:

EX_CANTCREAT -- A (user specified) output file cannot be created.

Cheers,
-- 
Craig Skinner | http://linkd.in/yGqkv7



Re: openssl(1) not error exiting on full file system

2017-04-10 Thread Craig Skinner
On Mon, 10 Apr 2017 12:46:03 +0100 Craig Skinner wrote:
> $ openssl enc -bf -salt \
>   -pass file:/etc/myname -in /bsd \
>   -out /altroot/tmp/bsd.crypto
> 
> /altroot: write failed, file system is full
> $ print $?
> 0

Whoops;- I forgot to mention this is a default 6.0 release machine:

$ uname -msrv
OpenBSD 6.0 GENERIC#1917 i386


Would 74 from sysexits.h be the code to return?:
EX_IOERR -- An error occurred while doing I/O on some file.


Thanks,
-- 
Craig Skinner | http://linkd.in/yGqkv7



openssl(1) not error exiting on full file system

2017-04-10 Thread Craig Skinner
Hello,

When encrypting a file with openssl(1),
it exits cleanly when there is not enough disk space:

$ df /altroot
Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/wd1a  100M   52.5M   42.7M55%/altroot
$ while cp /bsd /altroot/tmp/bsd.${RANDOM}
> do
> df /altroot
> done
Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/wd1a  100M   62.9M   32.3M66%/altroot
Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/wd1a  100M   73.3M   21.9M77%/altroot
Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/wd1a  100M   83.7M   11.5M88%/altroot
Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/wd1a  100M   94.0M1.1M99%/altroot

/altroot: write failed, file system is full
cp: /altroot/tmp/bsd.25298: No space left on device
$ df /altroot
Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/wd1a  100M   95.1M   36.0K   100%/altroot
$ ls -lh /altroot/tmp/
total 87328
-rw-r-  1 operator  wheel  10.4M Apr 10 12:22 bsd.16165
-rw-r-  1 operator  wheel  10.4M Apr 10 12:21 bsd.16877
-rw-r-  1 operator  wheel   1.1M Apr 10 12:22 bsd.25298
-rw-r-  1 operator  wheel  10.4M Apr 10 12:22 bsd.728
-rw-r-  1 operator  wheel  10.4M Apr 10 12:22 bsd.7450
$ rm /altroot/tmp/bsd.25298
remove /altroot/tmp/bsd.25298? y
$ cp /bsd /altroot/tmp/bsd.25298

/altroot: write failed, file system is full
cp: /altroot/tmp/bsd.25298: No space left on device
$ print $?
1
$ rm /altroot/tmp/bsd.25298
remove /altroot/tmp/bsd.25298? y
$ df /altroot
Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/wd1a  100M   94.0M1.1M99%/altroot
$ openssl enc -bf -salt \
-pass file:/etc/myname -in /bsd \
-out /altroot/tmp/bsd.crypto

/altroot: write failed, file system is full
$ print $?
0
$ ls -lh /altroot/tmp/
total 87424
-rw-r-  1 operator  wheel  10.4M Apr 10 12:22 bsd.16165
-rw-r-  1 operator  wheel  10.4M Apr 10 12:21 bsd.16877
-rw-r-  1 operator  wheel  10.4M Apr 10 12:22 bsd.728
-rw-r-  1 operator  wheel  10.4M Apr 10 12:22 bsd.7450
-rw-r-  1 operator  wheel   1.1M Apr 10 12:26 bsd.crypto


Bug?
-- 
Craig Skinner | http://linkd.in/yGqkv7