GnuTLS (libgrypt really) and Postfix
Steven M. Bellovin
smb at cs.columbia.edu
Tue Feb 14 16:26:35 EST 2006
In message <87bqx9zm0h.fsf at wheatstone.g10code.de>, Werner Koch writes:
>On Tue, 14 Feb 2006 13:00:33 -0500, Steven M Bellovin said:
>
>> Let me suggest a C-compatible possibility: pass an extra parameter to
>> the library routines, specifying a procedure to call if serious errors
>> occur. If that pointer is null, the library can abort.
>
>I agree. However the case at hand is a bit different. I can't
>imagine how any application or upper layer will be able to recover
>from that error (ENOENT when opening /dev/random). Okay, the special
>file might just be missing and a mknod would fix that ;-). Is it the
>duty of an application to fix an incomplete installation - how long
>shall this be taken - this is not the Unix philosophy.
It can take context-specific error recovery. Maybe that's greying out
the "encrypt" button on a large GUI. Maybe it's paging the system
administrator. It can run 'mknod' inside the appropriate chroot
partition, much as /sbin/init on some systems creates /dev/console. It
can symlink /dev/geigercounter to /dev/random. It can load the kernel
module that implements /dev/random. It can do a lot of things that may
be more appropriate than exiting.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list