commit: 912e8d4cffe2e7159b11282a215e53b2d1168258
parent b2319643b0fff5110d911f260b2310c5d13b46fd
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Wed, 15 Nov 2023 04:48:07 +0100
notes/unix-defects: resolv has res_query but non-standard
Diffstat:
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/notes/unix-defects.xhtml b/notes/unix-defects.xhtml
@@ -13,7 +13,7 @@
<h3 id="lists"><code>NULL</code>-Terminated lists</h3>
<dd>
- <dt>Slow to parse</dt><dd>Time taken to obtain the length increases with each <em>byte</em> aka <code class="math">O(n)</code> while length prefix is constant-time aka <code class="math">O(1)</code>.</dd>
+ <dt>Slow to parse</dt><dd>Time taken to obtain the length increases with each <em>byte</em> aka <code role="math">O(n)</code> while length prefix is constant-time aka <code role="math">O(1)</code>.</dd>
<dt>Inefficient & Unsafe slices</dt><dd>For a slice without modifying the source, you still need to copy the wanted part and terminate it with <code>NULL</code>. While with length prefix you can reuse the source as-is via an offset (or pointer) and setting a different length.</dd>
<dt>Unsafe</dt><dd>How do you handle <code>NULL</code> being present in the middle of the list? Or <code>NULL</code> being absent?</dd>
</dd>
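Review bot: the class="math" to role="math" swap on the "Slow to parse" line is unrelated to the commit subject (res_query being non-standard) and is not mentioned in the message. Consider moving it to its own commit or adding a line about it to the message, and check that no stylesheet rule still selects on the math class. Separately, the context lines show the dt/dd pairs wrapped in an outer dd rather than a dl, which may be worth fixing while this list is being touched.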
@@ -31,11 +31,12 @@
<h3 id="libnss"><code>nsswitch.conf</code>, <code>resolv.conf</code>, …</h3>
<p>
- Because falsely language-independent configurations with implementation-defined options are the best.<br />
- Please consider: Clean ABI; Virtual filesystems (could look like <a href="https://www.openwall.com/tcb/">tcb shadow</a> for <code>passwd</code>); or proper servers instead.
+ Because those configuration files ought to be trully language-independent rather than somewhat stuck to <code>libnss</code> (not Netscape/Mozilla SSL/TLS library) and <code>libresolv</code> by design and prone to creating a lot of problems when used by other programs (such as not dealing correctly with the <code>options</code> of <code>resolv.conf</code>).<br />
+ Please consider: Clean ABI; Proper servers; Virtual filesystems (could look like <a href="https://www.openwall.com/tcb/">tcb shadow</a> for <code>passwd</code>).<br />
+ See Also: <a href="https://skarnet.org/software/nsss/nsswitch.html">The problem with nsswitch</a> for the security angle.
</p>
<p>
- It's associated functions (<a href="#getaddrinfo"><code>getaddrinfo(3)</code></a>, <a href="#gethostbyname"><code>gethostbyname(3)</code></a>, …) also do not allow to do any query that aren't precooked for you, for example you cannot query DNS records like <code>SRV</code>, arguably it's DNS-specific but still ought to be present in a standard library.
+ By the way, while (<a href="#getaddrinfo"><code>getaddrinfo(3)</code></a>, <a href="#gethostbyname"><code>gethostbyname(3)</code></a>, …) are part of the POSIX standard, other functions like <code>res_query</code> to actually query DNS records (needed for <code>MX</code>, <code>SRV</code>, …) aren't standardized.
</p>
<h3 id="getaddrinfo"><code>getaddrinfo(3)</code></h3>
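Review bot: in the added "By the way" paragraph, gethostbyname(3) is listed next to getaddrinfo(3) as part of the POSIX standard, but gethostbyname was removed in POSIX.1-2008, so the sentence would be more accurate naming only getaddrinfo(3) there or saying gethostbyname(3) used to be included. The parentheses around the function list are left over from the removed sentence and read oddly after "while"; dropping them would help. In the first added line, "trully" should be "truly".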