On Tuesday 2021-05-18 12:20, Johannes Meixner wrote:
If the rpmlint test inspects the compiled library and finds that it calls exit or abort then both behave malicious in the same way for end-users because for the user the program just gets "killed" without any chance to get a meaningful (error) message.
According to "man 3 abort" it seems abort is even more "brutal" than exit because "starting with glibc 2.27, abort() terminates the process without flushing streams".
Unlike exit however, abort raises SIGABRT, which in normal circumstances should generate a coredump and hence a stacktrace is available that shows how execution even got there in the first place.
exit or abort then both behave malicious in the same way for end-users because for the user the program just gets "killed"
In a way, that is a good thing. If the library quality is such that it needs to exit/abort (for non-fork cases) in the first place, you have to expect switching those exit functions out for a return code could cause (possibly silent) data corruption later on, because the remaining program is missing the flows necessary to support what was previously a [[noreturn]] scenario.
Simply put: In normal environments library calls must not terminate the caller.
Ideally yeah, but ideals got thrown out the window with this version of the library ;-)