Hi Paul,
When is it recommended to use these *-safer modules?
What I understand is: If one of the file descriptors 0, 1, 2 is
closed at program startup, and if you later use open() or fopen(), it
might be possible that printf or fprintf statements to stdout or stderr
are directed into this completely unrelated file.
But when does this occur? Does 'sh' or 'bash' invoke programs in this
state? Does Apache do so when running cgi-bin programs?
It is regarded as antisocial if a program starts another program with
some file descriptors in O_NONBLOCK mode. Or when a program starts
another program with a nonzero mask of ignored signals (sigprocmask).
Isn't passing closed descriptors 0, 1, or 2, of the same category?
And wouldn't there be an easier workaround: At the beginning of main(),
use fcntl() to determine whether 0,1,2 are closed, and if so, replace
them with open("/dev/null") ?
Just asking because I'm wondering whether not using these modules
in GNU gettext leads to bugs.
Bruno
