Discussion of non-kernel related technical issues

Mouse | 21 May 2012 23:24

Re: Proposal: Add option to add dates to write(1)

>> Possibly, if you can come up with a way for "the receiver's
>> environment" to be (a) well-defined and (b) accessible to the
>> sender.
> ps(1) uses kvm_getenvv2(3).  I guess we'd agree that satisifies (a)
> but not (b) unless the sender is the super-user?

I wouldn't.  Part of the reason I mentioned (a) is that write is
writing to a tty, whereas environments are attached to processes; there
may well be 0, or >1, processes associated with the tty, for whatever
value of "associated" you end up using.  (Arguably, write should write
to a user, not a tty, with the historical behaviour of choosing a tty
to write to being a historical accident.  If you go with this point of
view, it makes things even worse.)

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse <at> rodents-montreal.org
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

James K. Lowden | 25 May 2012 02:52

Re: Proposal: Add option to add dates to write(1)

On Mon, 21 May 2012 17:24:46 -0400 (EDT)
Mouse <mouse <at> Rodents-Montreal.ORG> wrote:

> >> Possibly, if you can come up with a way for "the receiver's
> >> environment" to be (a) well-defined and (b) accessible to the
> >> sender.
> > ps(1) uses kvm_getenvv2(3).  I guess we'd agree that satisifies (a)
> > but not (b) unless the sender is the super-user?
> 
> I wouldn't.  Part of the reason I mentioned (a) is that write is
> writing to a tty, whereas environments are attached to processes;

That's a distinction without a difference.  Users own processes, and
only one user is logged in to any terminal.  who(1) manages to report
who's on what terminal.  

If that strikes you as a leap of logic, I can only say it's commonly
made:  

	$ man -k user | grep -E '^write|^wall'
	wall (1) - write a message to users
	write (1) - send a message to another user

I grant maybe using the user's environment to express a preference to
another process wasn't the brightest idea.  We can both think of better
ways; I offered another.  Are you opposed to the notion that the
recipient be able to express a preference for the write(1) message date
format, or are you really convinced it's technically infeasible or
unreliable?

(Continue reading)

Mouse | 25 May 2012 08:05

Re: Proposal: Add option to add dates to write(1)

>> Part of the reason I mentioned (a) is that write is writing to a
>> tty, whereas environments are attached to processes;
> That's a distinction without a difference.

I don't think so.  What if multiple processes are associated with the
tty (for whatever value of "associated with" you end up using) and they
have different values in their environments?  That's one of the places
"ill-defined" can come from.

What if the processes associated with the tty are owned by a different
user from the one logged in on that tty?

What if the user logged in on that tty does not own any processes on
the tty?  ...does not own any processes on the system at all?  (Either
one can happen; consider "exec su".)

> Users own processes, and only one user is logged in to any terminal.
> who(1) manages to report who's on what terminal.

Yes, but users don't have environments; processes do.

> I grant maybe using the user's environment to express a preference to
> another process wasn't the brightest idea.

Yeah...I haven't called that out specifically because I don't really
have anything to suggest that I think is much better.

> Are you opposed to the notion that the recipient be able to express a
> preference for the write(1) message date format, or are you really
> convinced it's technically infeasible or unreliable?

(Continue reading)

James K. Lowden | 29 May 2012 16:37

Re: Proposal: Add option to add dates to write(1)

On Fri, 25 May 2012 02:05:32 -0400 (EDT)
Mouse <mouse <at> Rodents-Montreal.ORG> wrote:

> I think it's a very sane thing to want.  I'm not convinced
> it's infeasible; I just haven't come up with a way of doing it that I
> consider reasonably sane

Fair enough.  Your primary concern seems to be how to decide which among
zero or more users "associated" with the terminal should write(1) pay
attention to.  

> >> Part of the reason I mentioned (a) is that write is writing to a
> >> tty, whereas environments are attached to processes;
> 
> What if multiple processes are associated with the tty 
...
> What if the user logged in on that tty does not own any processes on
> the tty?  

I might have gotten us sidetracked by introducing processes into the
discussion.  Processes are irrelevant because, as you pointed out,
we're not notifying processes with write.  We're notifying human
beings via the terminal.  The only things that matter ISTM are the
person and the terminal.  

I see no problem using the preferences of the logged-in user to
determine the date format of its message notice. It is both technically
unambiguous and meets the POLA test.  

That policy can be expressed unambiguously: write(1) consults the

(Continue reading)

Thor Lancelot Simon | 29 May 2012 16:46

Picon

Re: Proposal: Add option to add dates to write(1)

On Tue, May 29, 2012 at 10:37:56AM -0400, James K. Lowden wrote:
> On Fri, 25 May 2012 02:05:32 -0400 (EDT)
> Mouse <mouse <at> Rodents-Montreal.ORG> wrote:
> 
> I see no problem using the preferences of the logged-in user to
> determine the date format of its message notice. It is both technically
> unambiguous and meets the POLA test.  

I do.  I think it's well beyond crazy to invent a whole new kind of
persistent-locale for Unix systems just to add this feature to write(1).

For better or worse, locale settings on Unix are controlled by environment
variables.  Letting processes poke at each others' environment variables
is a very, very dangerous thing.  I cannot see sufficient benefit here to
justify it, either.

Thor

James K. Lowden | 30 May 2012 17:02

Re: Proposal: Add option to add dates to write(1)

On Tue, 29 May 2012 10:46:43 -0400
Thor Lancelot Simon <tls <at> panix.com> wrote:

> On Tue, May 29, 2012 at 10:37:56AM -0400, James K. Lowden wrote:
> > On Fri, 25 May 2012 02:05:32 -0400 (EDT)
> > Mouse <mouse <at> Rodents-Montreal.ORG> wrote:
> > 
> > I see no problem using the preferences of the logged-in user to
> > determine the date format of its message notice. It is both
> > technically unambiguous and meets the POLA test.  
> 
> I do.  I think it's well beyond crazy to invent a whole new kind of
> persistent-locale for Unix systems just to add this feature to write
> (1).
> 
> For better or worse, locale settings on Unix are controlled by
> environment variables.  Letting processes poke at each others'
> environment variables is a very, very dangerous thing.  I cannot see
> sufficient benefit here to justify it, either.

To rephrase: 

1.  This is a locale issue.
2.  Locales are governed by environments. 
3.  We must not use environments.
4.  Ergo, this issue cannot be addressed.  

I deny #1.  We're not discussing the date formatting conventions for
the locale.  We're discussing whether or not the date should be
included in the time string produced by write(1) and, if so, how the

(Continue reading)

Julian Djamil Fagir | 30 May 2012 19:22

Picon

Re: Proposal: Add option to add dates to write(1)

Hi,

> > It could be another subfield in gecos in /etc/password, or a
> > mod 644 ${HOME}/.writefmt file.  
> 
> Both options are completely in the user's control and absolutely safe
> from a security point of view.  (If there are security concerns with
> invalid format strings being passed to strftime(3), that's a bigger
> problem.)  
> 
> I don't need to explain to you that dot files in one's home directory
> are a common way to control behavior.  For an example of expressing a
> preference to a process not owned by the user, I refer you
> to .forward, a file so old it predates history, if the manual be our
> guide.  
> 
> Agreed, the complexity might not be worth it, fsvo of "it".  But the
> OP's proposal was more complex, requiring agreement between sender
> and recipient.  By using ~/.writefmt instead, write locates the user,
> attempts to open one file in his home directory and, if successful,
> uses the contained string to format the time.  Fallback is current
> behavior. It's small, safe, predictable, and convenient.  
so you want write(1) or group tty resp. to have even more permissions than
currently. And to fail when network is down because of nfs (home) hanging,
ldap hanging, or whatever.
There is no solution for this issue except for what I proposed. Everything
else involves technical complexity, defeating one of write's great pros.
An agreement between sender and recipient is not complex. For those who are
affected by my change, there's an agreement between sender and receiver
anyway about the terminal being used for communication and the terminal

(Continue reading)

Thor Lancelot Simon | 30 May 2012 20:00

Picon

Re: Proposal: Add option to add dates to write(1)

On Wed, May 30, 2012 at 07:22:26PM +0200, Julian Djamil Fagir wrote:
>
> There is no solution for this issue except for what I proposed.

Not all problems are worth solving.

Thor

James K. Lowden | 31 May 2012 07:13

Re: Proposal: Add option to add dates to write(1)

On Wed, 30 May 2012 19:22:26 +0200
Julian Djamil Fagir <gnrp <at> komkon2.de> wrote:

> > Agreed, the complexity might not be worth it, fsvo of "it".  But the
> > OP's proposal was more complex, requiring agreement between sender
> > and recipient.  By using ~/.writefmt instead, write locates the
> > user, attempts to open one file in his home directory and, if
> > successful, uses the contained string to format the time.  Fallback
> > is current behavior. It's small, safe, predictable, and
> > convenient.  
>
> so you want write(1) or group tty resp. to have even more permissions
> than currently. 

No.  Anyone can read a mode 644 file.  

> And to fail when network is down because of nfs (home) hanging, ldap
> hanging, or whatever.

Not ldap, surely.  who(1) looks in /var.  

Failing NFS-mounted home directories is a valid point.   I was trying
to avoid modifying anything besides write while keeping the user
in control.  

> Everything else involves technical complexity, defeating one of
> write's great pros.  

Your patch meets your needs, already works, and met no important
objection.  It should probably be accepted on that basis alone.  As the

(Continue reading)

Julian Djamil Fagir | 31 May 2012 12:52

Picon

Re: Proposal: Add option to add dates to write(1)

Hi,

I'm not really thinking anymore about really patching write, but just for
completion. 

> > > Agreed, the complexity might not be worth it, fsvo of "it".  But the
> > > OP's proposal was more complex, requiring agreement between sender
> > > and recipient.  By using ~/.writefmt instead, write locates the
> > > user, attempts to open one file in his home directory and, if
> > > successful, uses the contained string to format the time.  Fallback
> > > is current behavior. It's small, safe, predictable, and
> > > convenient.  
> >
> > so you want write(1) or group tty resp. to have even more permissions
> > than currently. 
> 
> No.  Anyone can read a mode 644 file.  
Thus having permissions in your home directory set.

> > And to fail when network is down because of nfs (home) hanging, ldap
> > hanging, or whatever.
> 
> Not ldap, surely.  who(1) looks in /var.  
Depending on your nss configuration, the system might first look into ldap
for gecos fields.

> *Because* it relies on administrative cooperation, however, I doubt the
> feature you've implemented has general utility.  It is subject to
> being forgotten or ignored because it's nonstandard and because only
> some recipients want it used.  I suspect most operators -- not yours,

(Continue reading)

Mouse | 31 May 2012 16:51

Re: Proposal: Add option to add dates to write(1)

> I'm not really thinking anymore about really patching write, but just
> for completion. 

I think it's worth thinking about even if all we do is think about it.
A better grasp of tradeoffs is rarely a bad thing. 

>> No.  Anyone can read a mode 644 file.
> Thus having permissions in your home directory set.

True, but there's nothing inconsistent about "if you want this to work,
the writer has to be able to read the file, including searching your
homedir".

>>> And to fail when network is down because of nfs (home) hanging,
>>> ldap hanging, or whatever.

A valid point.  This could be worked aorund by doing the lookup in a
child process, with a relatively short timeout in the parent.

The KISS argument has weight to me too; I am inclined to agree with the
people who've been saying that one of write's strengths is its
simplicity.  Given the original intended use case, perhaps this could
be done only when a particular flag is given on the command line?
Thus, it requires agreement from the sender, but only minimally, and
the strftime format is still supplied by the receiver.

I'm not sure I like it, but I dislike it less than anything else I've
seen suggested; this version actually, to me, makes the "is it worth
trying" cut (albeit not by much).

(Continue reading)

Mouse | 29 May 2012 17:46

Re: Proposal: Add option to add dates to write(1)

>> I think it's a very sane thing to want.  I'm not convinced it's
>> infeasible; I just haven't come up with a way of doing it that I
>> consider reasonably sane [...]
> Fair enough.  Your primary concern seems to be how to decide which
> among zero or more users "associated" with the terminal should
> write(1) pay attention to.

No, zero or more processes.  See below.

> I might have gotten us sidetracked by introducing processes into the
> discussion.  Processes are irrelevant because, as you pointed out,
> we're not notifying processes with write.  We're notifying human
> beings via the terminal.  The only things that matter ISTM are the
> person and the terminal.

Conceptually, I agree.

But if you're trying to express that human preference via environment
variables, that necessarily brings processes into it, because users
don't have environment variables and ttys don't have environment
variables - processes do.

> I see no problem using the preferences of the logged-in user to
> determine the date format of its message notice.  It is both
> technically unambiguous and meets the POLA test.

Agreed...*if* you can find a way to implement it, a way to attach that
preference to the user, without dragging other things into it that
introduce ambiguities (like processes).  There may be such a way, but
so far I haven't come up with, nor seen mentioned, one I think is sane

(Continue reading)

Return

Return to gmane.os.netbsd.devel.userlevel.

Search Archive

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane