-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hello World stdout fd blackholes with some posted tutorials #18
Comments
Yes. I agree the site needs an overhaul. Especially to deal with NuxiNL/cloudabi#10. I'll try to work on this soon, also incorporating the suggestions you made here. To respond to this question:
They are not necessarily an attack surface, but there's also some cohesion/usability/orthogonality concerns to it. The main argument for omitting stdin/stdout/stderr is that they overlap with how int program_exec(int program, const argdata_t *ad, int stdin, int stdout, int stderr); But this is a slipperly slope: what would happen if someone comes along, saying int program_exec(int program, const argdata_t *ad, int stdin, int stdout, int stderr, int clock_realtime, int clock_monotonic, int prng, [...]); What I'd rather like to see is that if such features are ever needed, they are implemented without growing the API. They can all be passed in using argdata. If needed, we can work towards standards/conventions on what the schema of the argdata may look like. There's also the issue with file descriptor numbering. On UNIX systems there is already the issue that programs misbehave when launching them without file descriptors 0, 1 and 2 in place. The first files opened by the child process will end up having one of those numbers, meaning an Finally, omitting designated stdin/stdout/stderr file descriptors was also done to remove the mindset that only a single input/output source/sink exists. There's absolutely nothing against having multiple log streams for different subsystems in your application. |
Hello, I am trying to write my first CloudABI program, following along with the tutorials. I have a Clang-based CloudABI toolchain installed, along with cloudabi-run.
hello.c:
cloudabi.yml:
Trace:
So Hello World is never printed; no segmentation fault occurs, no error message about stdout access is presented. Furthermore, execution exits with a zero exit code, indicating "success".
Update
I looked at some more examples and see that file descriptor
1
appears to no longer work out of the box as stdout in CloudABI. I changed my code to:And am now able to build and run my lil app! This one is a polyglot, so it compiles and runs with either plain vanilla Clang or with CloudABI. Also, CloudABI appears to work with more modern Clang/LLVM/LLD versions, including v6.0. Could we update the documentation to reflect this?
Could we update the different per-OS tutorials to fix the stdout file descriptor part?
A larger question is why are guarded? I thought CloudABI was meant to protect sensitive components that can break a system. Do stdout/stderr somehow contribute to an increased attack surface?
The text was updated successfully, but these errors were encountered: