Hacker News
by winternewt 1033 days ago
"They" as in the software developers. I disagree that C as a language has any opinion on whether segfault (or undefined behavior) is an acceptable outcome for user input. That depends on the use case.

Plugins are software, and all software can crash because validation is not just practically but even theoretically impossible for a Turing-complete language. But the fundamental difference is not in whether a crash can occur or not, but in your attitude to the crash: is it a software bug and hence should be fixed, or is it expected behavior and left as is? IMO the former attitude is almost always the correct one if the end user is anybody other than yourself.

There may be performance concerns that make it worthwhile to accept a crash (and that's the reason we run plugins as in-process native code instead of in a separate process or VM), but in the case of nginx I strongly doubt performance would be affected noticeably by validation of config files.