On 2024/12/26 10:52, William Rusnack wrote:
> >Synopsis: The iked cli arg parser accepts the -I and -P options with no
> >documentation in iked(8) or in the src itself as to what these flags do.
> >Category: bin
> >Description:
> iked supports two undocumented flags, -I and -P, that appear to be
> testing/development flags.
>
> What the code shows:
>
> The -P flag:
> - Takes a process name argument (ca, control, or ikev2)
> - Allows running iked as a specific child process type
> - Used with process separation model
>
> The -I flag:
> - Takes a numeric instance argument
> - Appears to allow multiple instances of a process
> - Interacts with -P flag
>
> These characteristics suggest test flags because:
> 1. They expose low-level process separation internals
> 2. They allow running components in isolation
> 3. They're excluded from both usage() and man page documentation
> 4. Multiple instance support seems oriented toward testing
> >Fix:
> If these are test flags:
> 1. Adding a comment in the code marking them as test/debug flags
> 2. Adding DEVELOPMENT or TEST notations if they appear in usage()
> 3. Potentially guarding them with #ifdef DEBUG
>
> Alternatively, if they are intended for production use, they would need
> documentation covering:
> - Purpose of each flag
> - Valid arguments
> - How the flags interact
> - Typical use cases
> - Any warnings or requirements
> - Examples of proper usage
Neither is true, they're not test flags, and not intended for the user
to specify - they're used internally for fork + exec, see proc_exec(),
added in this commit:
-----
Date: 2023/03/04 22:22:50
Author: tobhe
Branch: HEAD
Tag: (none)
Log:
Sync proc.c from vmd(8) to enable fork + exec for all processes. This gives
each process a fresh and unique address space to further improve randomization
of ASLR and stack protector.
ok bluhm@ patrick@
Members:
ca.c:1.89->1.90
control.c:1.34->1.35
iked.c:1.62->1.63
iked.h:1.208->1.209
ikev2.c:1.362->1.363
proc.c:1.36->1.37
types.h:1.51->1.52
-----
I don't think they want documenting in the manual. Not sure whether it
makes sense to add comments, cvs blame finds the commit where they were
added quite easily.