SELinux Mailing List
Re: policyrep questions
From: Karl MacMillan <kmacmillan_at_mentalrootkit.com>
Date: Wed, 09 May 2007 11:51:00 -0400
It's not clear - it will be _very_ hard to guarantee that the data structures are in some sort of semi-valid state so that the free function could be called again.
> At that

Basically - the worst case is a leak. And bear in mind, this is a failure case caused by the inability to allocate a couple of bytes. Chances are we are about to hit many other unrecoverable errors. To make this worse - there are several cases where I ignore failures in free functions. In error paths that free an object I usually want to return the original error and not the error on free - so I ignore the return from the free functions.

> What do other libraries do under similar conditions? Or do they avoid

No idea. It is hard to fully encapsulate all structs and avoid this issue I think. Even if I made it so that the library could internally put all of the structs on the stack, users of the library would be faced with exactly the same set of issues. I vote to suppress all of these free errors (which don't occur often - most of these functions have error returns just for the consistency that is needed for the object system).

> It might be more efficient in many cases.

Obviously we can't protect against malicious callers, but forcing people to pass length makes them aware of the issues I think.

> What specific advantages would accrue to libsepol from using

We are going to start wanting to build up some complex strings as part of the policyrep work. That kind of concatenation is painful with the C string APIs (and inefficient). Vstr is also designed to be easy / efficient to use to push strings across the network.

> What is the cost (incl. dependencies)?

I don't think there are any deps. It's not in Fedora yet, but it will be soon.

Karl

Received on Wed 9 May 2007 - 11:51:03 EDT
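The two conventions discussed in the message, free functions that return an error only for API consistency (and whose result an error path deliberately discards, so the original error is what the caller sees) and string setters that make the caller pass an explicit length, shown together in a small hypothetical object. This is an added illustration, not code from libsepol or the policyrep work; the `pr_obj` type and its functions are invented for the example.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical object standing in for a policyrep-style libsepol object. */
struct pr_obj {
    char *name;
    size_t name_len;
};

/* Returns int only for consistency with the object API; a failure here can
 * at worst leak, so callers on error paths may ignore the result. */
static int pr_obj_free(struct pr_obj *obj)
{
    if (obj == NULL)
        return -EINVAL;
    free(obj->name);
    free(obj);
    return 0;
}

/* The caller states how many bytes are valid instead of the library trusting
 * a NUL terminator; the library's own copy is always NUL-terminated. */
static int pr_obj_set_name(struct pr_obj *obj, const char *name, size_t len)
{
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return -ENOMEM;
    memcpy(copy, name, len);
    copy[len] = '\0';
    free(obj->name);
    obj->name = copy;
    obj->name_len = len;
    return 0;
}

/* The error path frees the half-built object but returns the original error;
 * whatever pr_obj_free reports is deliberately discarded. */
static int pr_obj_create(const char *name, size_t len, struct pr_obj **out)
{
    struct pr_obj *obj = calloc(1, sizeof(*obj));
    if (obj == NULL)
        return -ENOMEM;
    int rc = (name == NULL) ? -EINVAL : pr_obj_set_name(obj, name, len);
    if (rc != 0) {
        (void)pr_obj_free(obj);
        return rc;
    }
    *out = obj;
    return 0;
}
```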
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009