[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openjdk-serviceability-dev
Subject:    Re: RFR: 8074812 More specific error message when the .java_pid well-known file is not secure
From:       Staffan Larsen <staffan.larsen () oracle ! com>
Date:       2015-03-13 7:38:09
Message-ID: 6C4F7440-5953-4347-B99C-2EA868BEE3E1 () oracle ! com
[Download RAW message or body]

Martin, Jaroslav: Thank you!

> On 12 mar 2015, at 18:47, Martin Buchholz <martinrb@google.com> wrote:
> 
> Looks good to me!
> 
> 
> On Thu, Mar 12, 2015 at 12:18 AM, Staffan Larsen <staffan.larsen@oracle.com \
> <mailto:staffan.larsen@oracle.com>> wrote: 
> > On 11 mar 2015, at 20:37, Martin Buchholz <martinrb@google.com \
> > <mailto:martinrb@google.com>> wrote: 
> > Producing good error messages is such hard work!
> 
> Aye. And so often forgotten.
> 
> > 
> > Instead of 0%3o, use 0%03o
> > Since you want to print the lowest 9 bits of the mode, don't you want & 0x1ff
> 
> Absolutely. I opted for the octal representation 0777 instead which seemed fitting \
> here. 
> new webrev: http://cr.openjdk.java.net/~sla/8074812/webrev.02/ \
> <http://cr.openjdk.java.net/~sla/8074812/webrev.02/> 
> Thanks,
> /Staffan
> 
> 
> > 
> > On Wed, Mar 11, 2015 at 2:30 AM, Staffan Larsen <staffan.larsen@oracle.com \
> > <mailto:staffan.larsen@oracle.com>> wrote: Thanks for the feedback. Here is a new \
> > version that prints out more details for each of the errors messages. Let me know \
> > if you have suggestions for better wording. It also adds an #include for jvm.h \
> > that was missing from some of the files (it is needed for jio_snprintf). 
> > webrev: http://cr.openjdk.java.net/~sla/8074812/webrev.01/ \
> > <http://cr.openjdk.java.net/~sla/8074812/webrev.01/> 
> > /Staffan
> > 
> > > On 10 mar 2015, at 19:07, Martin Buchholz <martinrb@google.com \
> > > <mailto:martinrb@google.com>> wrote: 
> > > 
> > > 
> > > On Tue, Mar 10, 2015 at 10:53 AM, Jaroslav Bachorik \
> > > <jaroslav.bachorik@oracle.com <mailto:jaroslav.bachorik@oracle.com>> wrote: 
> > > This just got me thinking - would including [sb.st_uid, uid] and [sb.st_gid, \
> > > gid] in the error message be of any additional benefit? 
> > > Yes.  How much do you want to improve the quality of error messages?
> > > 
> > > You could use the word "effective" only when effective and real users don't \
> > > match. You could print out the two mismatched values. 
> > 
> > 
> 
> 


[Attachment #3 (unknown)]

<html><head><meta http-equiv="Content-Type" content="text/html \
charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: \
space; -webkit-line-break: after-white-space;" class="">Martin, Jaroslav: Thank \
you!<div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On \
12 mar 2015, at 18:47, Martin Buchholz &lt;<a href="mailto:martinrb@google.com" \
class="">martinrb@google.com</a>&gt; wrote:</div><br \
class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Looks good to \
me!<div class=""><br class=""></div></div><div class="gmail_extra"><br class=""><div \
class="gmail_quote">On Thu, Mar 12, 2015 at 12:18 AM, Staffan Larsen <span dir="ltr" \
class="">&lt;<a href="mailto:staffan.larsen@oracle.com" target="_blank" \
class="">staffan.larsen@oracle.com</a>&gt;</span> wrote:<br class=""><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div style="word-wrap:break-word" class=""><br class=""><div \
class=""><span class=""><blockquote type="cite" class=""><div class="">On 11 mar \
2015, at 20:37, Martin Buchholz &lt;<a href="mailto:martinrb@google.com" \
target="_blank" class="">martinrb@google.com</a>&gt; wrote:</div><br class=""><div \
class=""><div dir="ltr" class="">Producing good error messages is such hard \
work!</div></div></blockquote><div class=""><br class=""></div></span>Aye. And so \
often forgotten.</div><div class=""><span class=""><br class=""><blockquote \
type="cite" class=""><div class=""><div dir="ltr" class=""><div class=""><br \
class=""></div><div class=""><pre class=""><span style="color:blue" class="">Instead \
of 0%3o, use 0%03o</span></pre><pre class="">Since you want to print the lowest 9 \
bits of the mode, don't you want &amp; \
0x1ff</pre></div></div></div></blockquote></span><div class="">Absolutely. I opted \
for the octal representation 0777 instead which seemed fitting here.</div><div \
class=""><br class=""></div><div class="">new webrev:&nbsp;<a \
href="http://cr.openjdk.java.net/~sla/8074812/webrev.02/" target="_blank" \
class="">http://cr.openjdk.java.net/~sla/8074812/webrev.02/</a></div><div \
class=""><br class=""></div><div class=""><div class="">Thanks,</div><div \
class="">/Staffan</div></div><span class=""><div class=""><br class=""></div><br \
class=""><blockquote type="cite" class=""><div class=""><div class="gmail_extra"><br \
class=""><div class="gmail_quote">On Wed, Mar 11, 2015 at 2:30 AM, Staffan Larsen \
<span dir="ltr" class="">&lt;<a href="mailto:staffan.larsen@oracle.com" \
target="_blank" class="">staffan.larsen@oracle.com</a>&gt;</span> wrote:<br \
class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px \
#ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class="">Thanks for \
the feedback. Here is a new version that prints out more details for each of the \
errors messages. Let me know if you have suggestions for better wording. It also adds \
an #include for jvm.h that was missing from some of the files (it is needed \
for&nbsp;jio_snprintf).<div class=""><br class=""></div><div class="">webrev:&nbsp;<a \
href="http://cr.openjdk.java.net/~sla/8074812/webrev.01/" target="_blank" \
class="">http://cr.openjdk.java.net/~sla/8074812/webrev.01/</a></div><span \
class=""><font color="#888888" class=""><div class=""><br class=""></div><div \
class="">/Staffan</div></font></span><div class=""><div class=""><div class=""><br \
class=""><div class=""><blockquote type="cite" class=""><div class="">On 10 mar 2015, \
at 19:07, Martin Buchholz &lt;<a href="mailto:martinrb@google.com" target="_blank" \
class="">martinrb@google.com</a>&gt; wrote:</div><br class=""><div class=""><div \
dir="ltr" class=""><br class=""><div class="gmail_extra"><br class=""><div \
class="gmail_quote">On Tue, Mar 10, 2015 at 10:53 AM, Jaroslav Bachorik <span \
dir="ltr" class="">&lt;<a href="mailto:jaroslav.bachorik@oracle.com" target="_blank" \
class="">jaroslav.bachorik@oracle.com</a>&gt;</span> wrote:<br class=""><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><br class=""> This just got me thinking - would including \
[sb.st_uid, uid] and [sb.st_gid, gid] in the error message be of any additional \
benefit?<br class=""></blockquote><div class=""><br class=""></div><div \
class="">Yes.&nbsp; How much do you want to improve the quality of error \
messages?</div><div class=""><br class=""></div><div class="">You could use the word \
"effective" only when effective and real users don't match.</div><div class="">You \
could print out the two mismatched values.&nbsp;</div></div></div></div> \
</div></blockquote></div><br class=""></div></div></div></div></blockquote></div><br \
class=""></div> </div></blockquote></span></div><br \
class=""></div></blockquote></div><br class=""></div> </div></blockquote></div><br \
class=""></div></body></html>



[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic