Firstly, it's a bit of a rant by someone with obviously strong opinions.
It is unfortunate that they don't provide specific examples for their
claims, which means we have to guess at their complaints.
Since I'm not a C programmer, I don't know if he's correct when he
says this:
For what it is worth (and in my opinion, it's not worth a lot - but it
lets you know where I'm coming from) I've been programming with C
professionally since 1987. "Professionally" means I get paid for it, it
doesn't mean I'm any good :-).
The implementaion in C is abysmal
Well, I find the procmail code ugly and hard to read. But that's a
stylistic thing. It is not something that I would ever show to someone
who was learning C. If that is what is meant by 'abysmal' then I would
have some sympathy with the view (although "have some sympathy with"
does not mean "agree with"!).
and is just as unreliable and
insecure as you would expect of any C code that doesn't check
return codes from system and library calls and uses fixed size
buffers with no bounds checking. (Core dumps? Check. CERT
advisory? Check.)
There are some things in the code that look pretty bad at first glance.
Partly because of the style of the procmail code.
To take one example, the 'malloc' system call that is used to request
memory from the operating system. As the author says, not checking
whether such a system call succeeded or failed would be a very bad
thing. And you can find places in the code where there seems to be a
call to 'malloc' and there is no check for failure. However, a longer
look would reveal that the standard 'malloc' is redefined by procmail's
own version which does more extensinve checking and assorted
jiggery-pokery to try to persuade the system to let it have some memory
space. If you didn't look hard enough and see that there was this
redefined malloc, it would indeed look like an unsafe piece of code. As
it is, you can argue that it is "hard to understand for someone who is
not familiar with what is going on" - but that is a very different
complaint.
What do you all think -- does this guy have some valid complaints
about procmail or is he ranting unjustifiably?
I think that there are valid complaints about procmail, but I don't
think that they are necessarily the same complaints as were implied.
But it is hard to be sure, given the non-specific nature of the
complaints.
Hope that's some help,
Martin
--
Martin McCarthy /</ PGP key available
`Procmail Companion' \>\ http://www.ancient-scotland.co.uk
Addison Wesley /</ http://www.ehabitat.demon.co.uk
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail