
Re: where to start?

Aiee :)

	Hello!

> On Sat, 10 Jun 2000, Mathijs Mohlmann wrote:
> 
> > Which brings me to my next question. How far should we go? 
> > Imagine a function that just can't take a null pointer as
> > argument. Every caller checks to make sure that no null 
> > pointer is passed. Should we introduce an extra sanity check
> > in that function to make absolutely sure? If we do that we
> > prevent a lot of future bugs from happening. On the other 
> > hand we can forget about mainstream kernel inclusion.

	We have to take care about performance, however.

	It's true that we should audit kernel sources, but adding
	too many sanity checks could slow down kernel performance,
	and this isn't good.

	It's true that a simple check (whose complexity could be O(1))
	is pointless here, but keep in mind that quite often there's
	a huge call trace on the stack; we call many routines `at a time',
	and this could slow down operations if too many sanity checks were
	added ...

	Kernel developers (or wannabes) should use and pass arguments properly
	to the routines they call.

	What we should be aware of is kernel semantics (see the
	recent capability issue).

	This is not a rule, obviously, but it's important.

	I guess that we have to keep this in mind, always ...

	All above is IMHO :))


bye bye

			-- gg sullivan

-- 
Lorenzo Cavallaro	`Gigi Sullivan' <sullivan@sikurezza.org>

Until I loved, life had no beauty;
I did not know I lived until I had loved. (Theodor Korner)

Kernel-audit:  discussion list for security and the linux kernel
Archive:       http://mail.nl.linux.org/kernel-audit/
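The trade-off argued above (validate once at the boundary and trust the contract below it, versus re-checking the same pointer in every frame of a deep call chain) can be made concrete. The following is an added example written for this archive page; it is not code from the kernel-audit list, from the Linux kernel, or from either poster. The `struct table`, the `SANITY_CHECKS` build switch, the `sanity_checks_run` counter and the sample entries are all constructed for illustration. The counter exists only so the number of redundant checks a call chain performs can be measured instead of guessed; `SANITY_CHECKS` models the common compromise of keeping the checks in debug builds and compiling them out of production ones.

```c
#include <stddef.h>
#include <string.h>
#include <errno.h>

/* Constructed stand-in for any object that travels down a call chain. */
#define TABLE_SLOTS 8

struct table {
    unsigned int key[TABLE_SLOTS];
    int value[TABLE_SLOTS];
    size_t used;
};

/* Counts how many argument checks actually execute, so the cost of
 * "check at every level" can be observed. Assumption: a plain global is
 * fine here; a real kernel would not keep such a counter. */
unsigned long sanity_checks_run = 0;

/* Build switch (assumed name): 1 keeps the checks, 0 compiles them out so
 * the hot path pays nothing. Build with -DSANITY_CHECKS=0 to see the
 * production variant; with it, passing NULL is a crash, not an error. */
#ifndef SANITY_CHECKS
#define SANITY_CHECKS 1
#endif

#if SANITY_CHECKS
#define SANITY_OR_RETURN(cond, err) \
    do { sanity_checks_run++; if (!(cond)) return (err); } while (0)
#else
#define SANITY_OR_RETURN(cond, err) do { (void)(cond); } while (0)
#endif

/* Internal helper. Its contract is "t is non-NULL"; it is only reachable
 * through the boundary routines below, so it does not re-check. */
static int table_find_slot(const struct table *t, unsigned int key)
{
    size_t i;
    for (i = 0; i < t->used; i++)
        if (t->key[i] == key)
            return (int)i;
    return -1;
}

/* Boundary style: the argument is validated exactly once, here.
 * Returns 0 and stores the value, -EINVAL on a NULL argument,
 * -ENOENT if the key is absent. */
int table_lookup(const struct table *t, unsigned int key, int *out)
{
    int slot;
    SANITY_OR_RETURN(t != NULL && out != NULL, -EINVAL);
    slot = table_find_slot(t, key);
    if (slot < 0)
        return -ENOENT;
    *out = t->value[slot];
    return 0;
}

/* "Check everywhere" style: every frame of a chain 'depth' levels deep
 * re-validates the same pointer before the object is finally used.
 * Same result as table_lookup(), depth+1 checks instead of one. */
int table_lookup_paranoid(const struct table *t, unsigned int key, int *out,
                          unsigned int depth)
{
    int slot;
    SANITY_OR_RETURN(t != NULL && out != NULL, -EINVAL);
    if (depth > 0)
        return table_lookup_paranoid(t, key, out, depth - 1);
    slot = table_find_slot(t, key);
    if (slot < 0)
        return -ENOENT;
    *out = t->value[slot];
    return 0;
}

/* A caller that honours the contract: it checks before calling, which is
 * the discipline the message asks of kernel developers. */
int table_lookup_or_default(const struct table *t, unsigned int key, int def)
{
    int v;
    if (t == NULL)
        return def;
    return table_lookup(t, key, &v) == 0 ? v : def;
}

/* Constructed sample data: two entries, keys 10 and 20. */
struct table make_sample_table(void)
{
    struct table t;
    memset(&t, 0, sizeof t);
    t.key[0] = 10; t.value[0] = 100;
    t.key[1] = 20; t.value[1] = 200;
    t.used = 2;
    return t;
}
```

With `SANITY_CHECKS=1`, `table_lookup()` runs one check per call while `table_lookup_paranoid()` with `depth` 4 runs five for the same answer; with `SANITY_CHECKS=0` both run none and a NULL table dereferences, which is exactly why the caller-side discipline in `table_lookup_or_default()` has to hold in production builds.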