md_syslog (was Re: [Mimedefang] Woes following an OS upgrade)

Philip Prindeville philipp_subx at redfish-solutions.com
Tue Nov 7 17:50:43 EST 2006


David F. Skoll wrote:

>Philip Prindeville wrote:
>
>  
>
>>Hmm.  syslog() already has printf-style formatting... should the wrapper
>>occlude that functionality?
>>    
>>
>
>Yes, because it's superfluous in Perl.  Just use variable interpolation
>directly.
>  
>

Doesn't work with hex, or floats, etc. obviously.  Just strings and
integers.


>>And what about callers that have to call sprintf directly if they want to
>>handle multiple arguments?
>>    
>>
>
>See above.  There's never any need in Perl to use printf-style formatters.
>(Well, *hardly* any.  In the unlikely case that you want something like %.10s,
>you can use sprintf.)
>  
>

Except for hex, floats, packs, return values from function calls
like inet_ntoa(), etc.


>>How likely is it that there are callers that pass "%" in the message
>>string?
>>    
>>
>
>Any caller that has a variable as part of the second argument would have to
>sanitize it.  Having the wrapper explicitly provide a "%s" template
>makes it much safer and less error-prone.
>
>--
>David.
>
>  
>

Sure.  But less functional, too.

I understand that there's a danger going down that path...

Ok, what if we added md_syslog_ and had md_syslog() call into
it with "%s" as the format specifier?  That way you could have
the functionality, without having existing clients risk damage.

-Philip






More information about the MIMEDefang mailing list